Haim Goldshtein
Mar 07, 2019 Microsoft
Automate Windows Defender ATP response action: Machine isolation
5 Minutes
Low complexity
Response teams rely on powerful actions that allow them to take immediate action when a threat is identified. Being able to automate those response actions is ...
Mattias Borg
Brass Contributor
We wrote a blog on how to do a similar thing with Microsoft Flow and the ATP connector with an approval step
http://blog.sec-labs.com/2019/04/automate-response-with-defender-atp-and-microsoft-flow/
Bokonon
Apr 28, 2019 Copper Contributor
Mattias Borg This is exactly what I was looking for. The approve and isolation process works like a charm and it is very easy to set up. I didn't know about the integration between Flow and ATP, but I will definitely start using it for incident response management.
I have been browsing your website http://blog.sec-labs.com/ and found many valuable tips, like how to create custom IOCs in ATP. Thank you!
- Mattias Borg May 05, 2019 Brass Contributor