Microsoft Defender for Endpoint

Version: Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Netsurion Open XDR monitors events from Microsoft Defender for Endpoint, and provides dashboards and reports that help you detect file-less attacks, backdoor drops, and virus/malware.

Netsurion Data Source Integration for Microsoft Defender for Endpoint allows you to monitor the following component:

  • Security: Information related to the alerts triggered by Microsoft Defender.

Once the events are received in Netsurion Open XDR, the corresponding alerts, reports, and dashboards can be configured there.

The following are the key Data Source Integration components available in Netsurion Open XDR.


Alert

| Type | Name | Description |
| --- | --- | --- |
| Security | Microsoft Defender for Endpoint – Critical threat detected | This alert indicates that a critical threat has been detected in Microsoft Defender for Endpoint. |


Report

| Type | Name | Description |
| --- | --- | --- |
| Security | Microsoft Defender for Endpoint – Alerts detail | This report provides a detailed summary of Defender alerts in Microsoft Defender for Endpoint. It contains the source IP address, remote IP address, alert ID, detection source, attack technique, severity, device name, remote URL, threat family, and more. |


The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Microsoft Defender for Endpoint.

Download the Integration Guide, the How-to Guide, and the Microsoft Defender for Endpoint integrator 1.0.0 for configuration instructions and more information.