Microsoft Defender for Endpoint Integration User Guide
  • 10 Aug 2022

Article Summary

The Microsoft® Defender for Endpoint integration allows you to ingest alerts into ThreatConnect® and then automate triage and investigative actions across your security stack.

There is a Playbook App and a Service App for this integration, each of which can be found in the ThreatConnect App Catalog under the names Microsoft Defender for Endpoint and Microsoft Defender for Endpoint Service, respectively. The Playbook App provides a powerful set of actions that can be leveraged within a larger security workflow orchestration or even simple automation. Immediate actions can be taken to investigate, stop, and remediate potential threats at the endpoint, based on external threat intelligence.

This guide covers how to install the Microsoft Defender for Endpoint Service App, configure and activate a corresponding Service, and create a Playbook that uses the custom Trigger Service.

 


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
TC Exchange™ is a trademark of ThreatConnect, Inc.
Azure® and Microsoft® are registered trademarks of Microsoft Corporation.
