Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This playbook will release a machine from isolation in Microsoft Defender for Endpoint. It is triggered by an incident creation in Microsoft Sentinel. The playbook will search for the host entity in the incident and then search for the machine in Microsoft Defender for Endpoint. If the machine is found, it will be unisolated.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | MicrosoftDefenderForEndpoint |
| Source | View on GitHub |
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
azuresentinel |
Managed | 1 | 3 |
wdatp |
Managed | 1 | 2 |
azuresentinel (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Entities_-_Get_Hosts | post | /entities/host |
— |
| Add_comment_to_incident_(V3) | post | /Incidents/Comment |
— |
| Add_comment_to_incident_(V3)1 | post | /Incidents/Comment |
— |
wdatp (Managed)| Action | Method | Endpoint | Other |
|---|---|---|---|
| Machines_-_Get_list_of_machines | get | /api/machines |
— |
| Actions_-_Unisolate_machine | post | /api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/unisolate |
— |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊