cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel and EDR API Integration

TJ183
Copper Contributor

‎May 20 2022 03:22 AM

‎May 20 2022 03:22 AM

Microsoft Sentinel and EDR API Integration

Hi all,

 

We're looking at a way to make life easier by automating the closure of EDR alerts from Sentinel. Using Logic Apps or another method, is it possible to close an 'Incident' in Sentinel, which then triggers an API request towards the EDR?

 

 

Thanks,

 

Tom 

Labels:
1,256 Views
0 Likes
2 Replies
Reply
2 Replies
Clive_Watson

‎May 20 2022 03:34 AM

‎May 20 2022 03:34 AM

Re: Microsoft Sentinel and EDR API Integration

@TJ183 

Create a Automation rule to do both steps, also select which Analytics this applies to:

1. Close - using Change Status Action
2. Then Run a Playbook (Logic app) to handle the REST api

Clive_Watson_0-1653042768639.png

 

0 Likes
Reply
TJ183

‎May 20 2022 03:50 AM

‎May 20 2022 03:50 AM

Re: Microsoft Sentinel and EDR API Integration

Hi Clive,

Thanks for your input! I'll give it a go and see if we can develop something. Be cool to see how much our teams can do with Sentinel :)

Thanks,

Tom
0 Likes
Reply