cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Having issues with Run-MDEAntiVirus Playbook

MikePalmer75
Brass Contributor

‎Jan 26 2022 11:41 PM - edited ‎Jan 26 2022 11:50 PM

‎Jan 26 2022 11:41 PM - edited ‎Jan 26 2022 11:50 PM

Having issues with Run-MDEAntiVirus Playbook

Hi,

 

I'm having issues getting the Run-MDEAntiVirus playbook working.

 

I have created it using the Github template, assigned the managed instance rights to Sentinel and the Defender ATP. 

 

When it is triggered I get the following error message.

MikePalmer75_0-1643269114804.png

 

From what I can see the post command is not sending over the MDATPDeviceId.

 

MikePalmer75_1-1643269211493.png

The information from the entries Get-Hosts does provide the host and the MDATPDeviceId information so I'm a little lost on what is going on.

 

Could anyone help me please?

 

Regards

 

Mike 

1,468 Views
0 Likes
2 Replies
Reply
2 Replies
MikePalmer75

‎Jan 27 2022 12:11 AM

‎Jan 27 2022 12:11 AM

Re: Having issues with Run-MDEAntiVirus Playbook

Just redeployed the playbook from Sentinel and output does not match the screenshots from the Github information - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-MDEAntivirus



0 Likes
Reply
MikePalmer75

‎Feb 01 2022 11:03 PM

‎Feb 01 2022 11:03 PM

Re: Having issues with Run-MDEAntiVirus Playbook

Raised a MS support call for this. It appears the templates in Sentinel are cached and not being refreshed from the Github content.
0 Likes
Reply