
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise EDR platform that provides threat detection, investigation, and automated response capabilities across Windows, macOS, Linux, iOS, and Android devices for comprehensive endpoint security.

  • Category: EDR
  • Responders: 12
  • Links: www.microsoft.com, GitHub

Responders (12)

MSDefender-PushIOC-Audit v1.0

Push IOC to Defender client. Audit mode

  • Author: Vito Piserchia
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-PushIOC-Block v2.1

Push IOC to Defender client. Block mode

  • Author: Keijo Korte, Louis-Maximilien Dupouy, Vito Piserchia
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-IsolateMachine v1.0

Isolate a machine with Microsoft Defender for Endpoint

  • Author: Keijo Korte
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-PushIOC-Warn v1.0

Push IOC to Defender client. Warn mode (Microsoft Defender for Cloud only)

  • Author: Vito Piserchia
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-AutoInvestigation v1.0

Start an automated investigation on a device

  • Author: Keijo Korte, Louis-Maximilien Dupouy
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-FullVirusscan v1.0

Run a full virus scan on a machine with Microsoft Defender for Endpoint

  • Author: Keijo Korte
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-RestrictAppExecution v1.0

Restrict execution of all applications on the device except a predefined set

  • Author: Keijo Korte, Louis-Maximilien Dupouy
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-UnisolateMachine v1.0

Unisolate (release from isolation) a machine with Microsoft Defender for Endpoint

  • Author: Keijo Korte
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-PushIOC-BlockAndRemediate v1.0

Push IOC to Defender client. Block and Remediate mode

  • Author: Vito Piserchia
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-PushIOC-Allowed v1.0

Push IOC to Defender client. Allowed mode

  • Author: Vito Piserchia
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-UnRestrictAppExecution v1.0

Enable execution of any application on the device

  • Author: Keijo Korte, Louis-Maximilien Dupouy
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

MSDefender-PushIOC-Alert v2.0

Push IOC to Defender client. Alert mode. This mode is deprecated; Audit mode should be used instead.

  • Author: Keijo Korte, Louis-Maximilien Dupouy
  • License: AGPL-V3
  • Data Types: thehive:case_artifact