Microsoft Defender for Endpoint

Version: Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Netsurion's Open XDR platform monitors events from Microsoft Defender for Endpoint. The dashboards and reports in Netsurion help you track alert information and alert evidence, which supports the detection of file-less attacks, backdoor drops, and viruses/malware.

Netsurion Data Source Integration for Microsoft Defender for Endpoint allows you to monitor the following components: 

  • Security: Information related to the alerts triggered by Microsoft Defender.

After the events are received by Netsurion, the alerts, reports, and dashboards can be configured in Netsurion.

Alerts

Type: Security
Name: Microsoft Defender for Endpoint - Critical threat detected
Description: This alert indicates that a critical threat has been detected by Microsoft Defender for Endpoint.

Reports

Type: Security
Name: Microsoft Defender for Endpoint - Alerts detail
Description: This report provides a detailed summary of the alerts raised by Microsoft Defender for Endpoint. It contains the source IP address, remote IP address, alert ID, detection source, attack technique, severity, device name, remote URL, threat family, and more.
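As an added example (not Netsurion or Microsoft code), the following Python flattens Defender for Endpoint alert records into the columns of the alerts detail report described above and applies a severity threshold of the kind the critical-threat alert needs. Field names are assumed to follow the Defender for Endpoint Alerts API (id, severity, detectionSource, mitreTechniques, threatFamilyName, computerDnsName and the evidence array); the sample alerts and the "High" threshold are constructed assumptions, not Netsurion's rule, and the report's source IP address column is not taken from the alert object here.

```python
"""Turn Microsoft Defender for Endpoint alert records into the report columns
listed above and pick out the ones that should raise a critical-threat alert.

Added example, not Netsurion or Microsoft code. Field names follow the
Defender for Endpoint Alerts API (id, severity, detectionSource,
mitreTechniques, threatFamilyName, computerDnsName, evidence[]); the sample
alerts are constructed and the severity threshold is an assumption.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Alert severities as the Alerts API reports them, lowest to highest.
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Assumption: alerts at or above this severity count as "critical threat detected".
CRITICAL_THRESHOLD = "High"


@dataclass(frozen=True)
class AlertRow:
    """One row of the alerts detail report (source IP is not part of the alert object)."""
    alert_id: str
    severity: str
    detection_source: str
    attack_technique: str   # MITRE technique IDs, joined
    device_name: str
    threat_family: str
    remote_ip: str          # IP evidence entries, joined
    remote_url: str         # URL evidence entries, joined


def _evidence(alert: dict, entity_type: str, key: str) -> str:
    """Join the non-empty `key` values of evidence entries with the given entityType."""
    values = []
    for ev in alert.get("evidence") or []:
        if ev.get("entityType") == entity_type and ev.get(key):
            values.append(str(ev[key]))
    return ", ".join(values)


def to_report_row(alert: dict) -> AlertRow:
    """Flatten one alert object into report columns; missing fields become ''."""
    return AlertRow(
        alert_id=str(alert.get("id", "")),
        severity=str(alert.get("severity", "")),
        detection_source=str(alert.get("detectionSource", "")),
        attack_technique=", ".join(alert.get("mitreTechniques") or []),
        device_name=str(alert.get("computerDnsName", "")),
        threat_family=str(alert.get("threatFamilyName") or ""),
        remote_ip=_evidence(alert, "Ip", "ipAddress"),
        remote_url=_evidence(alert, "Url", "url"),
    )


def is_critical(alert: dict, threshold: str = CRITICAL_THRESHOLD) -> bool:
    """True when the severity is at or above the threshold.

    A severity string this code does not know is treated as critical, so an
    unexpected value is reviewed rather than silently dropped.
    """
    rank = SEVERITY_RANK.get(str(alert.get("severity", "")))
    if rank is None:
        return True
    return rank >= SEVERITY_RANK[threshold]


def triage(alerts_json: str) -> tuple[list[AlertRow], list[str]]:
    """Parse an Alerts API response (a {"value": [...]} object or a bare list)
    and return the report rows plus the IDs of alerts that should fire."""
    payload = json.loads(alerts_json)
    alerts = payload.get("value", []) if isinstance(payload, dict) else payload
    rows = [to_report_row(a) for a in alerts]
    critical = [r.alert_id for a, r in zip(alerts, rows) if is_critical(a)]
    return rows, critical


# Constructed sample in the shape of an Alerts API response (not real data).
SAMPLE_ALERTS = json.dumps({"value": [
    {"id": "da637000000000000000_1", "severity": "High",
     "detectionSource": "WindowsDefenderAtp", "mitreTechniques": ["T1059.001"],
     "computerDnsName": "ws-042.corp.example", "threatFamilyName": "Emotet",
     "evidence": [
         {"entityType": "Ip", "ipAddress": "203.0.113.7"},
         {"entityType": "Url", "url": "http://malicious.example/payload.ps1"},
         {"entityType": "Process", "fileName": "powershell.exe"}]},
    {"id": "da637000000000000000_2", "severity": "Medium",
     "detectionSource": "WindowsDefenderAv", "mitreTechniques": [],
     "computerDnsName": "ws-017.corp.example", "threatFamilyName": None,
     "evidence": []},
    {"id": "da637000000000000000_3", "severity": "Unknown",
     "detectionSource": "CustomDetection", "computerDnsName": "srv-01.corp.example"},
]})

if __name__ == "__main__":
    report_rows, alert_ids = triage(SAMPLE_ALERTS)
    for row in report_rows:
        print(row)
    print("critical:", alert_ids)
```

The evidence array is where the remote IP and remote URL columns come from, so a row can legitimately have several values or none; joining them keeps the report one row per alert. Treating an unrecognised severity as critical is a deliberate fail-closed choice for a detection pipeline.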

Documentation

The configuration details are consistent with Netsurion version 9.3 and later, and Microsoft Defender for Endpoint.

Download the Integration Guide, the How-to Guide, and the Microsoft Defender for Endpoint integrator 1.0.0 for more information and configuration instructions.