Forum Discussion
Haim Goldshtein
Mar 07, 2019 Microsoft
Automate Windows Defender ATP response action: Machine isolation
5 Minutes
Low complexity
Response teams rely on powerful actions that allow them to take immediate action when a threat is identified. Being able to automate those response actions is ...
Mike Dickin
May 15, 2020 Copper Contributor
Haim Goldshtein, is it possible to programmatically list which machines are in an isolated state?
Last night we had ~100 false positive alerts due to an over-enthusiastic (!) detection based on O365, which resulted in ~80 machines being automatically isolated with my Flow. Whilst we manually went through them one at a time last night to release them, I think due to some of them being off-line it looks like the release isolation has timed out, and today some are still isolated, but we are either waiting for the owners to call us or have to check them all individually again?
Thanks
Mike