[Request] MS Defender for Endpoint, third party response integration #6303
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Effort: Medium
Issues that take moderate but not substantial time to complete
Priority: Medium
Issues that have relevance, but aren't urgent
Team: EDR Workflows
Formerly Defend Workflows, Onboarding and Lifecycle Management
v8.18.0
Description
We are releasing our bidirectional capability with Microsoft Defender for Endpoint, which will allow users to execute host isolation / release of an MDE agent through Elastic Security.
This is similar to the functionality (and docs) we previously added for SentinelOne and CrowdStrike: https://www.elastic.co/guide/en/security/current/response-actions-config.html
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
N/A
Serverless release
TBD
Feature differences
Feature will be the same in serverless/ESS
ESS release: 8.18
API docs impact
TBD
Prerequisites, privileges, feature flags
ESS & Serverless, Kibana privileges:
Security solution privilege: Host Isolation (ALL)
Actions and Connectors privilege: EDR Connectors