📢 New blog out!

💡 If you isolate an endpoint during IR, you probably don't have time to notify stakeholders such as the help desk, which the user might contact for troubleshooting. This logic app is based on #KQL: it identifies the isolation action, adds a tag for your #DefenderXDR portal and sends an email.

#MicrosoftSecurity #MicrosoftSentinel #MicrosoftDefender #LogicApps #MicrosoftAutomation #Automation #AdvancedHunting

https://www.michalos.net/2024/02/20/isolated-an-endpoint-automate-tag-adding-and-notifications/

Isolated an Endpoint? Automate tag adding and notifications

If you are part of a big organization, you might need to reach out to some colleagues and teams, in case you isolate an endpoint. An end user will probably reach out to your help desk in order to i…

Michalis Michalos