Microsoft Defender for Endpoint + D3 Morpheus
Microsoft-Certified Endpoint Response Automation
Microsoft Defender users can orchestrate 26 different actions from Morpheus, including fetching events, enriching incidents with endpoint data, and quarantining infected hosts. This creates an automation-powered process for any endpoint security incident that acts quickly and conclusively before threats get out of control.
Benefits and Capabilities
As a proud member of the Microsoft Intelligent Security Association (MISA) and the Azure Marketplace, D3 works closely with Microsoft to build and maintain integrations, including with Microsoft Defender for Endpoint. D3’s integrations ensure the best possible functionality for Microsoft customers, complementing Defender with powerful investigation, triage, and incident response capabilities.
- Faster time to value, through automation of Tier 1 and Tier 2 security work
- Vendor-agnostic security processes, with Morpheus orchestrating across the stack
- Deep integration with dozens of Microsoft tools
Use Case
Endpoint Incident Response
Streamlining and automating incident response processes are essential for effective defense against threats. One way to achieve this is by integrating powerful cybersecurity tools like Microsoft Defender for Endpoint with a robust SOAR platform like Morpheus. Our tool-specific playbooks enrich, correlate, and respond to Defender alerts, with powerful automated actions, including:
- Ingesting alerts into Morpheus and updating alerts in Defender for Endpoint using API calls
- Gathering host and artifact information, such as active users and related file events
- Quarantining devices and initiating scans across endpoints
Use Case
Threat Hunting
Using Morpheus and Microsoft Defender for Endpoint as an integrated threat hunting solution speeds the investigation of new threats by streamlining the entire process from learning of the threat, to finding instances of it on endpoints, to quickly remediating it. All this can be orchestrated from Morpheus. Being able to build and trigger threat hunting playbooks in Morpheus also helps ensure consistency and reduce human error.
- Trigger endpoint scans and queries to find threats across the organization
- Automatically trigger scans for malicious hashes across endpoints
- Schedule threat hunting playbooks, or run them based on new intelligence
Why Morpheus?
Joint users of Microsoft Defender and D3 Morpheus don’t just get automated threat hunting and remediation of endpoint security incidents; they also get the countless other features that make Morpheus the leading AI SOC solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Microsoft Defender Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.