Windows Defender for Endpoint

Endpoint Detection and Response

What Is Windows Defender for Endpoint

Windows Defender for Endpoint is an Endpoint Detection and Response (EDR) platform that monitors hosts and generates alerts when it detects attacks.

Integration Actions

With Cyber Triage, there are two Windows Defender integration actions:

  1. Launching Cyber Triage collections remotely from Windows Defender for Endpoint, using a PowerShell script and its Live Response capability.
  2. Importing Windows Defender telemetry into Cyber Triage to be scored and analyzed.

Whom Is It Built for?

Internal SOC and IR teams.

Why Is It Useful?

When you use the Cyber Triage Collector, the EDR is no longer the sole source of evidence in your investigation. Launching the Collector lets you gather additional artifacts from the hosts you suspect were involved in the incident and bring them into your DFIR analysis environment.

Importing Windows Defender telemetry enables you to quickly access and analyze the data in an investigation platform. This makes investigations faster and more comprehensive.

What Are the Collector Deployment Options?

The integration can adapt to your environment. You’ll pick:

  • Where the Cyber Triage Collector will be downloaded from. You can use either our copy or yours.
  • Where the results go. You can save them to a local file, upload to cloud storage (S3/Azure), save to a network drive, or stream to a Cyber Triage server.

What Is Required to Pull MDE (Microsoft Defender for Endpoint) Data into Cyber Triage?

There are two methods of getting MDE data into Cyber Triage:

  1. Export the timeline data from an endpoint (this is in .csv format) and import the file.
  2. Configure Cyber Triage to connect to the MDE API (in the Cyber Triage options panel).

What Is the Required Cyber Triage Version?

It depends on which integration you are using.

All versions of Cyber Triage allow the Collector to be integrated with Defender.

If you are ingesting Windows Defender telemetry, the Standard Enterprise or Team Enterprise version is required.

Additional links

For more information about this integration contact our sales team: sales@cybertriage.com.