Forum Discussion

Haim Goldshtein's avatar
Haim Goldshtein
Icon for Microsoft rankMicrosoft
Mar 07, 2019

Automate Windows Defender ATP response action: Machine isolation

5 Minutes  Low complexity    Response teams rely on powerful actions that allow them take immediate action when a threat is identified. Being able to automate those response actions is ...
Bokonon's avatar
Bokonon
Copper Contributor
Apr 28, 2019

Mattias Borg This is exactly what I was looking for. The approve and isolation proces works like a charm and it is very easy to set up. I didn't know about the integration between flow and ATP, but I will definitely start using it for incident response management.
I have been browsing your website http://blog.sec-labs.com/ and found many valuable tips, like how to create custom IOC's in ATP. Thank you!   

Mattias Borg's avatar
Mattias Borg
Copper Contributor
May 05, 2019

Bokonon 

No problem, I'm happy it's usable :)

 

Happy hunting!

Resources