When i was running AV scan on the machine in Microsoft defender via CSOAR. The action shows executed successfully but it is not reflected in defender. I checked the integration it was successful. I checked the other actions List alerts it is working as intended. Could you please help to fix this.
Thank you!
Page 1 / 1
What is the Action name?
Action will likely work against Entities, was the hostname a successful Entity in the selection?
What was the casewall comment and JSON output from the Action
Did the API key you used have access/auth to revoke that host?
Is the host fully qualified, or in the right form?
If you create a test case, add the Entity, then use the IDE to test the Action does it work form that?
I have added the entity and executed the run AV scan action via SOAR. Im getting the below error
Start processing entity MD-GJ######
Entity MD-GJ###### is of unsupported type GENERICENTITY, skipping...
Start processing entity MD-GJ######
Failed to find machine ATP by MD-GJ######
entity with type ADDRESS
----------------- Main - Finished -----------------
Status: 0
Result: true
Output Message: Failed to find machine ATP by MD-GJ######
entity with type ADDRESS
1 entities were not found in ATP
Action completed successfully
under which entity type i have to store the value is it in hostname?
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.