Windows Defender for Endpoint

Endpoint Detection and Response

What is Windows Defender for Endpoint

Windows Defender for Endpoint is an Endpoint Detection and Response (EDR) platform that monitors hosts and generates alerts when attacks are detected.

Integration actions

Windows Defender for Endpoint can launch Cyber Triage collections on a remote host using a PowerShell script run through its Live Response capability.

Whom is it built for?

Internal SOC and IR Teams.

Why is it useful?

An EDR will not be the sole source of evidence in your investigation. You’ll need to collect additional artifacts from the hosts you suspect were involved in the incident, which means bringing that data into your DFIR analysis environment.

What are the deployment options?

The integration can adapt to your environment. You’ll pick:

  • Where the Cyber Triage Collector will be downloaded from. You can use either our copy or yours.
  • Where the results go. You can save them to a local file, upload to cloud storage (S3/Azure), or send to a Cyber Triage server.

What is the required Cyber Triage version?


Additional links

For more information about this integration, contact our sales team.
