Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint. It is triggered by an incident creation in Microsoft Sentinel. The playbook will look for the host entities in the incident and run a scan on the machine in MDE. If the host is not found in MDE, it will add a comment to the incident.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | MicrosoftDefenderForEndpoint |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 3 |
wdatp |
Managed | 1 | 2 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_Hosts | post | /entities/host |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)_1 | post | /Incidents/Comment |
— |
wdatp (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Machines_-_Get_list_of_machines | get | /api/machines |
— |
| Actions_-_Run_antivirus_scan | post | /api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊