PARTNER

Microsoft Defender for Endpoint

Microsoft | EDR

About Microsoft

Microsoft is one of the world's largest enterprise technology companies and a dominant force in cybersecurity, with a security portfolio spanning identity, endpoint, cloud, and threat intelligence products used by organizations worldwide. From Azure Active Directory (now Microsoft Entra ID) to Microsoft Sentinel and Microsoft Defender, Microsoft's security ecosystem is a foundational layer of enterprise security programs across every industry. Teams that need to integrate with Microsoft, or build a Microsoft security integration, can use Synqly to connect Microsoft security services and signals to their broader security operations platform through a unified, normalized API layer.

About the Microsoft Defender for Endpoint Integration

Microsoft Defender for Endpoint includes Microsoft Defender Vulnerability Management (formerly Threat and Vulnerability Management, TVM), which provides continuous endpoint vulnerability assessment by using the Defender sensor's real-time visibility to identify unpatched software, misconfigurations, and exposure risks across managed devices. As Synqly's Vulnerabilities provider, Microsoft Defender for Endpoint gives security teams normalized endpoint vulnerability findings from the Defender platform through a standardized connector. Integrate with Microsoft Defender for Endpoint for vulnerability management to route endpoint CVE findings and risk scores into your vulnerability prioritization platform, ticketing system, or risk dashboards.

Integration Use Cases

Create IOCs

Creates IOCs on the EDR source from the supplied STIX input, one IOC per matching indicator.

Create Threat Note

Creates a note for a threat.

Delete IOCs

Deletes the IOCs whose IDs are passed in the query parameter.

Get Endpoint

Gets a single endpoint asset matching the UID from the token-linked EDR source.

Get Threat Notes

Returns a list of notes for a threat.

Quarantine Endpoints

Isolates one or more endpoint assets from the network, or reconnects them, blocking or allowing their network connections.

Query Alerts

Returns a list of alerts that match the query from the token-linked EDR source.

Query Applications

Returns a list of applications matching the query from the token-linked EDR source.

Query EDR Events

Returns a list of EDR events that match the query from the token-linked EDR source.

Query Endpoints

Returns a list of endpoint assets matching the query from the token-linked EDR source.

Query IOCs

Returns a list of IOCs that match the query from the token-linked EDR source.

Query Posture Score

Returns the posture score of the endpoint assets that match the query from the token-linked EDR source.

Query Threat Events

Returns a list of threat events that match the query from the token-linked EDR source.
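The Create IOCs use case above takes STIX input, and the part that deserves care is the translation from a STIX indicator pattern to the atomic values an EDR blocklist can actually express. The following is an added example, not Synqly's or Microsoft's code: it parses simple STIX 2.1 indicator patterns and emits IOC records. It assumes the EDR side uses Microsoft Defender for Endpoint's indicator type names (FileSha256, FileSha1, FileMd5, IpAddress, DomainName, Url) and field names (indicatorType, indicatorValue, action, severity, title, description, expirationTime); the sample indicators are constructed, and the indicator IDs, names and values are not real threat data.

```python
"""Translate STIX 2.1 indicators into EDR IOC records (added example).

Assumption: the EDR accepts Microsoft Defender for Endpoint indicator type
and field names. Each STIX pattern is expected to be one observation
expression of equality comparisons joined by OR; anything else is
reported as an error rather than silently flattened.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# STIX object path -> EDR indicator type (assumed MDE naming).
STIX_TO_EDR = {
    "file:hashes.'SHA-256'": "FileSha256",
    "file:hashes.'SHA-1'": "FileSha1",
    "file:hashes.MD5": "FileMd5",
    "ipv4-addr:value": "IpAddress",
    "ipv6-addr:value": "IpAddress",
    "domain-name:value": "DomainName",
    "url:value": "Url",
}
# One equality comparison: <object-path> = '<value>' (no escaped quotes).
COMPARISON = re.compile(r"\s*([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'\s*")
HEX_LEN = {"FileSha256": 64, "FileSha1": 40, "FileMd5": 32}
DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}", re.I)


def _valid(edr_type: str, value: str) -> bool:
    """Reject values the EDR would store but that could never match."""
    if edr_type in HEX_LEN:
        return re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX_LEN[edr_type], value) is not None
    if edr_type == "IpAddress":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if edr_type == "DomainName":
        return DOMAIN.fullmatch(value) is not None
    return value.startswith(("http://", "https://"))  # Url


def parse_pattern(pattern: str) -> List[Tuple[str, str]]:
    """Return (edr_type, value) pairs for a simple STIX pattern.

    AND, FOLLOWEDBY, qualifiers, several observation expressions and
    non-equality operators all fail the per-clause match and raise, since
    a blocklist of atomic values cannot preserve their meaning.
    """
    p = pattern.strip()
    if not (p.startswith("[") and p.endswith("]")):
        raise ValueError(f"not an observation expression: {pattern!r}")
    pairs = []
    for clause in p[1:-1].split(" OR "):
        m = COMPARISON.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported comparison: {clause.strip()!r}")
        path, value = m.groups()
        if path not in STIX_TO_EDR:
            raise ValueError(f"no EDR indicator type for {path!r}")
        if not _valid(STIX_TO_EDR[path], value):
            raise ValueError(f"malformed {STIX_TO_EDR[path]} value {value!r}")
        pairs.append((STIX_TO_EDR[path], value))
    return pairs


def stix_to_iocs(indicators: List[Dict], action: str = "Block",
                 severity: str = "High") -> Tuple[List[Dict], List[str]]:
    """Build IOC records; return (records, errors) so rejects stay visible."""
    records, errors = [], []
    for ind in indicators:
        if ind.get("type") != "indicator" or ind.get("pattern_type", "stix") != "stix":
            continue  # only STIX-language indicator objects map to IOCs
        if ind.get("revoked"):
            continue  # a revoked indicator must never become a block rule
        try:
            pairs = parse_pattern(ind["pattern"])
        except ValueError as exc:
            errors.append(f"{ind['id']}: {exc}")
            continue
        for edr_type, value in pairs:
            rec = {"indicatorType": edr_type, "indicatorValue": value,
                   "action": action, "severity": severity,
                   "title": ind.get("name", ind["id"]),
                   "description": f"Imported from STIX {ind['id']}"}
            if "valid_until" in ind:
                rec["expirationTime"] = ind["valid_until"]  # let it age out
            records.append(rec)
    return records, errors


# Constructed sample indicators (not real threat data).
SAMPLE = [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001",
     "name": "Dropper hash", "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
     "valid_until": "2030-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "name": "C2 infrastructure", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'c2.example.net' OR ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
     "name": "Withdrawn", "pattern_type": "stix", "revoked": True,
     "pattern": "[url:value = 'http://old.example.org/x']"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
     "name": "Behavioural", "pattern_type": "stix",
     "pattern": "[process:name = 'cmd.exe' AND file:hashes.MD5 = '" + "0" * 32 + "']"},
]
```

Running `stix_to_iocs(SAMPLE)` yields three records (the SHA-256 hash with an expiration, then the domain and the IP from the OR pattern) and one error for the behavioural AND pattern; the revoked indicator is skipped without comment. Returning errors alongside records, rather than raising on the first bad indicator, matters in practice because a feed with one malformed entry should still push the rest of its blocks.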

Integration Resources