
Unable to run AV scan in Microsoft defender ATP via CSOAR

  • February 13, 2025
  • 2 replies
  • 26 views

When I was running an AV scan on the machine in Microsoft Defender via CSOAR, the action showed as executed successfully, but it is not reflected in Defender. I checked the integration and it was successful. I checked another action, List alerts, and it is working as intended. Could you please help to fix this?
Thank you!

SoarAndy
Staff
  • February 14, 2025

What is the Action name?
The Action will likely work against Entities; was the hostname a successful Entity in the selection?
What was the casewall comment and JSON output from the Action?
Did the API key you used have access/auth to revoke that host?
Is the host fully qualified, or in the right form?
If you create a test case, add the Entity, then use the IDE to test the Action, does it work from that?


  • Author
  • New Member
  • July 29, 2025

I have added the entity and executed the run AV scan action via SOAR. I'm getting the below error:
 Start processing entity MD-GJ######
Entity MD-GJ###### is of unsupported type GENERICENTITY, skipping...
Start processing entity MD-GJ######
Failed to find machine ATP by MD-GJ######
 entity with type ADDRESS
----------------- Main - Finished -----------------
Status: 0
Result: true
Output Message: Failed to find machine ATP by MD-GJ######
 entity with type ADDRESS
1 entities were not found in ATP
Action completed successfully

Under which entity type do I have to store the value? Is it hostname?