May 10 2021 05:31 PM
We're working through automation of our Defender 365 incidents in Sentinel to try and reduce the operational load on our team.
One of the most common incidents we receive is "Email reported by user as malware or phish". We were hoping to use the result of the automated investigation to determine whether the automated action should be approved, but I have no idea how to get the result of the automated investigation into a playbook.
Does anyone have any suggestions? How do you deal with these types of incidents?
Thanks!
May 29 2021 11:31 PM
@mongie105 @Abhishek_Agrawal @Scott Landry is there a Graph API for the result of an MDO investigation that Sentinel can query?