Partner applications in Microsoft Defender for Endpoint
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint; enabling security teams to effectively respond better to modern threats.
Microsoft Defender for Endpoint seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
- SIEM
- Ticketing and IT service management solutions
- Managed security service providers (MSSP)
- IoC indicators ingestions and matching
- Automated device investigation and remediation based on external alerts
- Integration with Security orchestration and automation response (SOAR) systems
Supported applications
Security information and analytics
| Logo | Partner name | Description |
|---|---|---|
 |
AttackIQ Platform | AttackIQ Platform validates Defender for Endpoint is configured properly by launching continuous attacks safely on production assets |
 |
AzureSentinel | Stream alerts from Microsoft Defender for Endpoint into Microsoft Sentinel |
 |
Cymulate | Correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions |
 |
Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats |
 |
IBM QRadar | Configure IBM QRadar to collect detections from Defender for Endpoint |
 |
Micro Focus ArcSight | Use Micro Focus ArcSight to pull Defender for Endpoint detections |
 |
RSA NetWitness | Stream Defender for Endpoint Alerts to RSA NetWitness using Microsoft Graph Security API |
 |
SafeBreach | Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations |
 |
Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities |
 |
Splunk | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |
 |
XM Cyber | Prioritize your response to an alert based on risk factors and high value assets |
Orchestration and automation
| Logo | Partner name | Description |
|---|---|---|
 |
Fortinet FortiSOAR | Fortinet FortiSOAR is a holistic Security Orchestration, Automation and Response (SOAR) workbench, designed for SOC teams to efficiently respond to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. It pulls together all of organization's tools, helps unify operations and reduces alert fatigue, context switching, and the mean time to respond to incidents. |
 |
Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Defender for Endpoint with its cloud-native SOAR platform, ActiveEye. |
 |
Demisto, a Palo Alto Networks Company | Demisto integrates with Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response |
 |
Microsoft Flow & Azure Functions | Use the Defender for Endpoint connectors for Azure Logic Apps & Microsoft Flow to automating security procedures |
 |
Rapid7 InsightConnect | InsightConnect integrates with Defender for Endpoint to accelerate, streamline, and integrate your time-intensive security processes |
 |
ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration |
 |
Swimlane | Maximize incident response capabilities utilizing Swimlane and Defender for Endpoint together |
Threat intelligence
| Logo | Partner name | Description |
|---|---|---|
 |
MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Defender for Endpoint environment |
 |
Palo Alto Networks | Enrich your endpoint protection by extending Autofocus and other threat feeds to Defender for Endpoint using MineMeld |
 |
ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Defender for Endpoint indicators |
Network security
| Logo | Partner name | Description |
|---|---|---|
 |
Aruba ClearPass Policy Manager | Ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network |
 |
Blue Hexagon for Network | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection |
 |
CyberMDX | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Defender for Endpoint environment |
 |
HYAS Protect | HYAS Protect utilizes authoritative knowledge of attacker infrastructure to proactively protect Microsoft Defender for Endpoint endpoints from cyberattacks |
 |
Vectra Network Detection and Response (NDR) | Vectra applies AI & security research to detect and respond to cyber-attacks in real time |
Cross platform
| Logo | Partner name | Description |
|---|---|---|
 |
Bitdefender | Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats |
 |
Better Mobile | AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy |
 |
Corrata | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata |
 |
Lookout | Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices |
 |
Symantec Endpoint Protection Mobile | SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices |
 |
Zimperium | Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense |
Other integrations
| Logo | Partner name | Description |
|---|---|---|
 |
Cyren Web Filter | Enhance your Defender for Endpoint with advanced Web Filtering |
 |
Morphisec | Provides Moving Target Defense-powered advanced threat prevention. Integrates forensics data directly into WD Defender for Cloud dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information |
 |
THOR Cloud | Provides on-demand live forensics scans using a signature base with focus on persistent threats |
SIEM integration
Defender for Endpoint supports SIEM integration through various of methods. This can include specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.
Ticketing and IT service management
Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API.
Security orchestration and automation response (SOAR) integration
Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs exposes to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
External alert correlation and Automated investigation and remediation
Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.
Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
External alerts can be pushed to Defender for Endpoint. These alerts are shown side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert and can reveal the full story of an attack.
Indicators matching
You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts. You can also use prevention and automated response capabilities to block execution and take remediation actions when there's a match.
Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
Support for non-Windows platforms
Defender for Endpoint provides a centralized security operations experience for Windows and non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
피드백
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요. https://aka.ms/ContentUserFeedback
다음에 대한 사용자 의견 제출 및 보기