Details

Microsoft Defender for Endpoint is an Endpoint Detection and Response (EDR) offering. In Cisco XDR, Defender for Endpoint users can use it for incident detection, threat hunting and investigation, and rapid response actions to understand and defend against threats on the endpoint. It also provides device inventory context that helps triage detected threats.

Integration with Microsoft Defender for Endpoint lets you incorporate Defender for Endpoint detections into XDR's overall incident detection and correlation capabilities. You can also use the Defender for Endpoint integration to search for security detections involving specific hostnames, machine IDs, IP addresses, and file hashes. Through Cisco XDR, Defender for Endpoint can isolate hosts from the network and block many types of observables, including file hashes, network resources (such as IP addresses, domains, and URLs), and certificates. The integration can also supply host information, including vulnerability information, for use in triaging incidents and detections.

Note: This integration requires the XDR Advantage or XDR Premier licensing tier.

Capabilities

Automation: Automatic target creation for Cisco XDR automation
Refer: Provides links to additional resources for an observable
Observe: Provides sightings for an observable
Respond: Provides response actions for an observable
Health: Validates that the integration is healthy
Device Insights: Provides information about assets
Data Ingestion: Ingests and analyzes data from the integrated product to generate detections for incidents

Regions

North America
Europe
Asia-Pacific, Japan & China
Installable workflows

These are workflows that you can install in Cisco XDR automation and use with this integration. They are different from built-in workflows, which are built into Cisco XDR by default for all customers.

Cisco Managed: This workflow appears in the pivot menu and allows a user to block an indicator of compromise (IOC) in Microsoft Defender for Endpoint.
Cisco Managed: This workflow appears in the pivot menu and allows a user to unisolate a machine in Microsoft Defender for Endpoint.
Cisco Managed: This workflow appears in the pivot menu and allows a user to release a machine from isolation in Microsoft Defender for Endpoint.
Cisco Managed: This workflow appears in the pivot menu and allows a user to unblock an indicator of compromise (IOC) in Microsoft Defender for Endpoint.
Built-in workflows

These workflows are built into Cisco XDR automation and can be used with this integration. They are different from installable workflows, which are optional workflows you can install from Cisco and its partners.

Configuration details