MikePalmer75
Brass Contributor
Jan 26, 2022

Having issues with Run-MDEAntiVirus Playbook

Hi,

I'm having issues getting the Run-MDEAntiVirus playbook working.

I have created it using the GitHub template, assigned the managed instance rights to Sentinel and the Defender ATP.

When it is triggered I get the following error message.

From what I can see the post command is not sending over the MDATPDeviceId.

The information from the entries Get-Hosts does provide the host and the MDATPDeviceId information so I'm a little lost on what is going on.

Could anyone help me please?

Regards

Mike

3 Replies

  • Hernan_Jimenez
    Copper Contributor

    Hello MikePalmer75

    I am running into a similar issue with Playbook. Were you able to successfully deploy/run this Logic App?

  • MikePalmer75
    Brass Contributor
    Just redeployed the playbook from Sentinel and output does not match the screenshots from the GitHub information - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-MDEAntivirus

    • MikePalmer75
      Brass Contributor
      Raised a MS support call for this. It appears the templates in Sentinel are cached and not being refreshed from the GitHub content.