Automate - Security Management - Defender for Endpoint Actions
Dashboard for Defender for Endpoint actions - endpoint management
Links
Incident and Alert Actions

| Link Text | Type | Display | Filter Options | Field Display Policy | Configuration Template | Condition | Description |
|---|---|---|---|---|---|---|---|
| View Incidents | device/msgraphsecurity/Incident | list | [] | | | | View Microsoft Security incidents in the system and view further details about incidents |
| View Alerts | device/msgraphsecurity/Alert | list | [] | | | | View Microsoft Security Alerts in the system for the selected hierarchy and view further details about alerts |

Device Actions

| Link Text | Type | Display | Filter Options | Field Display Policy | Configuration Template | Condition | Description |
|---|---|---|---|---|---|---|---|
| View Devices | device/mssecurity/Machine | list | [] | | | | View device information for selected hierarchy as reported by the Microsoft Security machine objects |
| View and Manage Machine Actions | relation/MachineAction | list | [] | | | | View list of actions initiated and status for devices |
| Bulk Actions | view/DefenderBulkActions | form | [] | | | | |
| Initiate Scan on Device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Scan | | Initiate a scan on one or more devices with the associated type |
| Manage Isolation of Device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Isolation | | Choose to isolate or unisolate on one or more devices with the associated type |
| Offboard Device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Offboard | | Initiate offboarding of one or more devices from the system |
| Manage code execution on device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Code | | Restrict or unrestrict code execution on one or more devices |
| Collect investigation from device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Collect | | Collect investigation Package from one or more devices |
| Stop and Quarantine File on device(s) | view/DefenderBulkActions | form | [] | | MicrosoftDefenderBulkAction_Quarantine | | |

Charts

| Title | Type | Resource | Description |
|---|---|---|---|
| Device Count by Exposure | chart-pie | Defender Devices | Count of machines by exposure level |
| Device Count by Status | chart-pie | Defender Devices | Count of machine actions by type of action |
| Action Count by Type | chart-pie | Defender Actions | Count of machine actions by type of action |

Tables

| Title | Resource | Fields | Drill-down |
|---|---|---|---|
| Action Counts by machine - Top 10 | Defender Actions | Machine DNS Name | drilldown-modelType: N/A |