Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook supports investigation actions for the analyst, including:
- Running a full AV scan on a specific endpoint.
- Requesting an investigation package (a zip file of forensic data, roughly 15 MB in size) from an endpoint.
- Requesting an automated investigation on an endpoint.
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks:
- Microsoft Defender For Endpoint - Collect investigation package
Scripts: this playbook does not use any scripts.
| **Name** | **Description** | **Default Value** | **Required** |
| --- | --- | --- | --- |
| Task | The action(s) to run; multiple values can be entered as comma-separated values:<br/>`Full Scan` - Run a full AV scan on the provided endpoint(s)<br/>`Collect Investigation Package` - Collect an investigation package from the provided endpoint(s) (only for supported devices)<br/>`Automated Investigation` - Run an automated investigation on the provided endpoint(s) |  |  |
| EndpointsID | A list of endpoint IDs on which the scan and the investigation package collection are run. |  | Optional |
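The inputs above are loosely typed: `Task` may arrive as a single string, a comma-separated string, or a list, and `EndpointsID` likewise. The following is an added example, not code from the playbook or the Cortex XSOAR content repository, showing how an automation could normalise both inputs into one request per task and endpoint while rejecting a misspelled task name instead of silently skipping it. In a real XSOAR script you would use `argToList()` from CommonServerPython; `split_input()` here is an assumed stand-alone equivalent, and the output structure (`task`/`endpoint` dictionaries) is an assumption for illustration.

```python
# Added example (not the playbook's own code): normalise the Task and
# EndpointsID inputs and expand them into one action request per pair.
# Assumption: split_input() mirrors what argToList() does in CommonServerPython.
from typing import Any, Dict, List

# The three task names the playbook documents, keyed by their lower-case form
# so that input is matched case-insensitively but canonicalised on output.
SUPPORTED_TASKS = {
    "full scan": "Full Scan",
    "collect investigation package": "Collect Investigation Package",
    "automated investigation": "Automated Investigation",
}


def split_input(value: Any) -> List[str]:
    """Accept None, a list, or a comma-separated string; return trimmed, non-empty items."""
    if value is None:
        return []
    if isinstance(value, list):
        items = [str(v) for v in value]
    else:
        items = str(value).split(",")
    return [item.strip() for item in items if item.strip()]


def plan_actions(task: Any, endpoints_id: Any) -> List[Dict[str, str]]:
    """Return one {"task", "endpoint"} request per (task, endpoint) pair.

    Order follows the input; duplicate tasks are collapsed so the same scan is
    not queued twice. Unknown task names raise ValueError rather than being dropped.
    """
    tasks: List[str] = []
    unknown: List[str] = []
    for raw in split_input(task):
        canonical = SUPPORTED_TASKS.get(raw.lower())
        if canonical is None:
            unknown.append(raw)
        elif canonical not in tasks:
            tasks.append(canonical)
    if unknown:
        raise ValueError(f"Unsupported Task value(s): {', '.join(unknown)}")

    endpoints = split_input(endpoints_id)
    if not endpoints:
        raise ValueError("EndpointsID is empty; nothing to run")

    return [{"task": t, "endpoint": e} for t in tasks for e in endpoints]


if __name__ == "__main__":
    # Constructed sample input: two tasks as one comma-separated string, two endpoint IDs.
    for request in plan_actions("Full Scan, collect investigation package", "ep-0001, ep-0002"):
        print(request)
```

Matching case-insensitively but emitting the documented spelling keeps the downstream sub-playbook conditions simple, and failing on an unrecognised task is the safer default for an investigation playbook: an analyst who typed `Full Scann` should see an error, not an incident that quietly ran nothing.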
There are no outputs for this playbook.