When i was running AV scan on the machine in Microsoft defender via CSOAR. The action shows executed successfully but it is not reflected in defender. I checked the integration it was successful. I checked the other actions List alerts it is working as intended. Could you please help to fix this.
Thank you!
Page 1 / 1
What is the Action name?
Action will likely work against Entities, was the hostname a successful Entity in the selection?
What was the casewall comment and JSON output from the Action
Did the API key you used have access/auth to revoke that host?
Is the host fully qualified, or in the right form?
If you create a test case, add the Entity, then use the IDE to test the Action does it work form that?
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.