ColonelHawx1008
Copper Contributor
Aug 24, 2022

Sentinel Playbook | Condition on MDE (Defender for Endpoint) Device Risk

Any suggestions, or is it possible to add a Playbook condition that will trigger based on the device/entity risk classified in Defender for Endpoint (security.microsoft.com), in the Devices Inventory blade, which displays device risks?

Thanks...

  • A Microsoft Sentinel playbook can only trigger based on Microsoft Sentinel incidents. You would have to ask in the Microsoft Defender for Endpoint group if there is a way to accomplish what you want inside of MDE.
