Which Palo Alto Networks product suite is used to manage alerts, obtain additional information, and orchestrate responses?


Partner applications in Microsoft Defender for Endpoint

  • Article
  • 09/29/2022

Applies to:

  • Microsoft Defender for Endpoint Plan 2
  • Microsoft 365 Defender

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.

Support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint, enabling security teams to respond more effectively to modern threats.

Microsoft Defender for Endpoint integrates with existing security solutions of the following kinds:

  • SIEM
  • Ticketing and IT service management solutions
  • Managed security service providers (MSSP)
  • Indicator of compromise (IoC) ingestion and matching
  • Automated device investigation and remediation based on external alerts
  • Security orchestration, automation, and response (SOAR) systems

Supported applications

Security information and analytics

  • AttackIQ Platform: validates that Defender for Endpoint is configured properly by safely launching continuous attacks against production assets
  • Microsoft Sentinel (formerly Azure Sentinel): stream alerts from Microsoft Defender for Endpoint into Microsoft Sentinel
  • Cymulate: correlate Defender for Endpoint findings with simulated attacks to validate accurate detection and effective response actions
  • Elastic Security: a free and open solution for preventing, detecting, and responding to threats
  • IBM QRadar: configure IBM QRadar to collect detections from Defender for Endpoint
  • Micro Focus ArcSight: use Micro Focus ArcSight to pull Defender for Endpoint detections
  • RSA NetWitness: stream Defender for Endpoint alerts to RSA NetWitness using the Microsoft Graph Security API
  • SafeBreach: gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations
  • Skybox Vulnerability Control: cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
  • Splunk: the Defender for Endpoint Add-on lets Splunk users ingest all alerts and supporting information into Splunk
  • XM Cyber: prioritize your response to an alert based on risk factors and high-value assets

Orchestration and automation

  • CyberSponse CyOps: integrates with Defender for Endpoint to automate customers' high-speed incident response playbooks
  • Delta Risk ActiveEye: Delta Risk, a provider of SOC-as-a-Service and security services, integrates Defender for Endpoint with its cloud-native SOAR platform, ActiveEye
  • Demisto, a Palo Alto Networks company: integrates with Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
  • Microsoft Flow (now Power Automate) and Azure Functions: use the Defender for Endpoint connectors for Azure Logic Apps and Microsoft Flow to automate security procedures
  • Rapid7 InsightConnect: integrates with Defender for Endpoint to accelerate, streamline, and integrate your time-intensive security processes
  • ServiceNow: ingest alerts into the ServiceNow Security Operations solution through the Microsoft Graph API integration
  • Swimlane: maximize incident response capabilities by using Swimlane and Defender for Endpoint together

Threat intelligence

  • MISP (Malware Information Sharing Platform): integrate threat indicators from the open-source threat intelligence sharing platform into your Defender for Endpoint environment
  • Palo Alto Networks: enrich your endpoint protection by extending AutoFocus and other threat feeds to Defender for Endpoint using MineMeld
  • ThreatConnect: alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Defender for Endpoint indicators

Network security

  • Aruba ClearPass Policy Manager: ensure Defender for Endpoint is installed and updated on each endpoint before allowing access to the network
  • Blue Hexagon for Network: a real-time deep learning platform for network threat protection
  • Corelight: using data sent from Corelight network appliances, Microsoft 365 Defender gains increased visibility into the network activities of unmanaged devices, including communication with other unmanaged devices or external networks
  • CyberMDX: integrates comprehensive healthcare asset visibility, threat prevention, and response into your Defender for Endpoint environment
  • HYAS Protect: uses authoritative knowledge of attacker infrastructure to proactively protect Microsoft Defender for Endpoint endpoints from cyberattacks
  • Vectra Network Detection and Response (NDR): applies AI and security research to detect and respond to cyberattacks in real time

Cross platform

  • Bitdefender: Bitdefender GravityZone is a layered next-generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats
  • Better Mobile: AI-based mobile threat defense (MTD) solution to stop mobile threats and phishing; private internet browsing to protect user privacy
  • Corrata: mobile solution; protect your mobile devices with granular visibility and control from Corrata
  • Lookout: get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
  • Symantec Endpoint Protection Mobile: SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices
  • Zimperium: extend Defender for Endpoint to iOS and Android with machine-learning-based mobile threat defense

Other integrations

  • Cyren Web Filter: enhance Defender for Endpoint with advanced web filtering
  • Morphisec: provides Moving Target Defense-powered advanced threat prevention; integrates forensics data directly into Defender for Endpoint dashboards to help prioritize alerts, determine a device's at-risk score, and visualize the full attack timeline, including internal memory information
  • THOR Cloud: provides on-demand live forensics scans using a signature base with a focus on persistent threats

SIEM integration

Defender for Endpoint supports SIEM integration through several methods: out-of-the-box connectors for specific SIEM products, a generic alert API for custom implementations, and an action API for managing alert status.

Ticketing and IT service management

Ticketing solution integration helps to implement manual and automatic response processes. Tickets can be created automatically when a Defender for Endpoint alert is generated and, through the alerts API, the alert can be resolved when the corresponding ticket is closed.
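As an added example that is not Microsoft's code or part of the original article, the following Python sketches the pull-based pattern that both the SIEM paragraph and the ticketing paragraph above rely on: polling the alerts API with an OData filter, turning each new alert into a ticket record, and building the PATCH that resolves the alert once its ticket is closed. The HTTP transport is injected as a callable so the block runs offline against a constructed alert page; the ticket field names, the closure-code mapping and the portal deep-link format are this example's assumptions.

```python
"""SIEM / ticketing sync against the Defender for Endpoint alerts API.
Added example, not Microsoft's code. Network I/O is injected (fetch callable) so the
block runs offline against the constructed alert page below."""
from urllib.parse import urlencode

API = "https://api.securitycenter.microsoft.com/api"
PORTAL = "https://security.microsoft.com/alerts/"   # assumed alert deep-link format

# Constructed sample: one page in the shape returned by GET /api/alerts (fields trimmed).
SAMPLE_ALERTS_PAGE = {"value": [
    {"id": "da637000000000000001_-1000000001", "title": "Suspicious PowerShell command line",
     "severity": "High", "status": "New", "category": "Execution",
     "machineId": "0000aaaa1111bbbb2222cccc3333dddd4444eeee",
     "alertCreationTime": "2022-09-29T10:15:00Z"},
    {"id": "da637000000000000002_-1000000002", "title": "Unusual file created by an Office app",
     "severity": "Medium", "status": "InProgress", "category": "InitialAccess",
     "machineId": "0000aaaa1111bbbb2222cccc3333dddd4444ffff",
     "alertCreationTime": "2022-09-29T10:20:00Z"},
    {"id": "da637000000000000003_-1000000003", "title": "Connection to a known site",
     "severity": "Informational", "status": "Resolved", "category": "CommandAndControl",
     "machineId": "0000aaaa1111bbbb2222cccc3333dddd4444eeee",
     "alertCreationTime": "2022-09-29T10:25:00Z"},
]}


def alerts_query(since, top=100):
    """URL for GET /api/alerts filtered on alertCreationTime (OData), capped by $top."""
    params = {"$filter": "alertCreationTime gt " + since, "$top": str(top)}
    return API + "/alerts?" + urlencode(params, safe="$:")


def ticket_from_alert(alert):
    """Map one alert to a ticket record (field names are this example's, not a product's)."""
    priority = {"High": "P1", "Medium": "P2", "Low": "P3"}.get(alert["severity"], "P4")
    return {
        "external_id": alert["id"],   # keep the alert id so closure can be synced back
        "priority": priority,
        "summary": "[MDE] %s %s: %s" % (alert["severity"], alert["category"], alert["title"]),
        "device": alert.get("machineId"),
        "link": PORTAL + alert["id"],
    }


def sync_new_alerts(fetch, state):
    """Poll alerts created after state['since']; dedupe on id so overlapping polls are safe.
    fetch(url) must return the decoded JSON page. state = {'since': iso8601, 'seen': set()}."""
    page = fetch(alerts_query(state["since"]))
    tickets = []
    for alert in page.get("value", []):
        if alert["id"] in state["seen"]:
            continue
        state["seen"].add(alert["id"])
        # Same ISO-8601 format on both sides, so plain string comparison orders correctly.
        state["since"] = max(state["since"], alert["alertCreationTime"])
        if alert["status"] == "Resolved":
            continue   # already closed in the portal: forward to the SIEM, but open no ticket
        tickets.append(ticket_from_alert(alert))
    return tickets


# Ticket closure code -> (classification, determination) accepted by PATCH /api/alerts/{id}.
CLOSURE_MAP = {
    "true_positive": ("TruePositive", "Malware"),
    "false_positive": ("FalsePositive", "Other"),
}


def resolve_alert_request(alert_id, closure, ticket_key):
    """Build the PATCH that resolves an alert when its ticket is closed."""
    classification, determination = CLOSURE_MAP[closure]
    body = {"status": "Resolved", "classification": classification,
            "determination": determination,
            "comment": "Closed from ticket %s (%s)" % (ticket_key, closure)}
    return ("PATCH", API + "/alerts/" + alert_id, body)


if __name__ == "__main__":
    state = {"since": "2022-09-29T10:00:00Z", "seen": set()}
    for t in sync_new_alerts(lambda url: SAMPLE_ALERTS_PAGE, state):
        print(t["priority"], t["summary"])
    print(resolve_alert_request(SAMPLE_ALERTS_PAGE["value"][0]["id"], "false_positive", "INC-42"))
```

In production the `fetch` callable carries a bearer token obtained with the OAuth2 client-credentials flow for the `https://api.securitycenter.microsoft.com/.default` scope (an app registration with the Alert.Read.All and Alert.ReadWrite.All application permissions). Two caveats matter for correctness: a `gt` filter on the watermark can miss an alert created in the same second as the last one seen, so poll with a small overlap and let the id dedupe absorb the repeats; and filtering on `alertCreationTime` never surfaces status changes an analyst makes in the portal, so a sync that must mirror those should filter on `lastUpdateTime` instead.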

Security orchestration and automation response (SOAR) integration

Orchestration solutions can build playbooks around the rich data model and actions that the Defender for Endpoint APIs expose, to orchestrate responses such as querying device data, triggering device isolation, blocking or allowing, and resolving alerts.

Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.

Integrating the automated investigation and response capability with other solutions, such as IDS and firewalls, helps address alerts and reduces the complexity of correlating network and device signals, streamlining investigation and remediation actions on devices.

External alerts can be pushed to Defender for Endpoint. These alerts are shown side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert and can reveal the full story of an attack.
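As an added example (not Microsoft's code, nor any SOAR vendor's connector), the following Python shows the decision logic of a playbook step for the SOAR paragraph above: claim the alert, run a full antivirus scan for Medium and High alerts, and network-isolate the device for High alerts only, unless the device sits in a protected group. It returns the API requests a connector would send instead of sending them, so it runs offline against constructed alert and device records; the protected-group names and the severity thresholds are this example's assumptions.

```python
"""SOAR playbook step: turn a Defender for Endpoint alert into response-action requests.
Added example, not Microsoft's or any vendor's code. It returns the requests a connector
would send (method, URL, JSON body) instead of sending them, so it runs offline."""

API = "https://api.securitycenter.microsoft.com/api"

# Constructed sample records in the shape of GET /api/alerts/{id} and GET /api/machines/{id}.
SAMPLE_ALERT = {"id": "da637000000000000001_-1000000001", "severity": "High", "status": "New",
                "category": "Execution", "title": "Suspicious PowerShell command line",
                "machineId": "0000aaaa1111bbbb2222cccc3333dddd4444eeee"}
SAMPLE_DEVICE = {"id": "0000aaaa1111bbbb2222cccc3333dddd4444eeee",
                 "computerDnsName": "ws-042.corp.example", "osPlatform": "Windows11",
                 "rbacGroupName": "Workstations"}

# Assumed operational guardrail: device groups automation must never isolate
# (isolating a domain controller or a jump host causes a larger outage than the alert).
NO_ISOLATE_GROUPS = {"Domain Controllers", "Tier0"}
ISOLATION_TYPES = {"Full", "Selective"}   # values accepted by /machines/{id}/isolate


def plan_response(alert, device, analyst="soar-playbook", isolation="Full"):
    """Return (actions, notes). actions: list of (method, url, body) in execution order."""
    if isolation not in ISOLATION_TYPES:
        raise ValueError("unknown isolation type: " + isolation)
    actions, notes = [], []
    if alert["status"] == "Resolved":
        notes.append("alert already resolved; nothing to do")
        return actions, notes
    # 1. Claim the alert first so a second playbook run sees it is already in progress.
    actions.append(("PATCH", API + "/alerts/" + alert["id"],
                    {"status": "InProgress", "assignedTo": analyst,
                     "comment": "Playbook started for " + alert["category"]}))
    dev_id = alert.get("machineId")
    if not dev_id:
        notes.append("alert carries no machineId; skipping device actions")
        return actions, notes
    comment = "Playbook response to alert " + alert["id"]
    # 2. Medium and High: full antivirus scan of the device.
    if alert["severity"] in ("Medium", "High"):
        actions.append(("POST", API + "/machines/" + dev_id + "/runAntiVirusScan",
                        {"Comment": comment, "ScanType": "Full"}))
    # 3. High only: network isolation, unless the device is in a protected group.
    if alert["severity"] == "High":
        if device.get("rbacGroupName") in NO_ISOLATE_GROUPS:
            notes.append("isolation skipped: %s is in protected group %s"
                         % (device.get("computerDnsName"), device["rbacGroupName"]))
        else:
            actions.append(("POST", API + "/machines/" + dev_id + "/isolate",
                            {"Comment": comment, "IsolationType": isolation}))
    return actions, notes


def release_request(device_id, reason):
    """The matching unisolate call a playbook issues once the analyst closes the case."""
    return ("POST", API + "/machines/" + device_id + "/unisolate", {"Comment": reason})


if __name__ == "__main__":
    acts, notes = plan_response(SAMPLE_ALERT, SAMPLE_DEVICE)
    for method, url, body in acts:
        print(method, url, body)
    print(notes)
```

Ordering matters: claiming the alert before acting keeps two concurrent playbook runs from isolating the same device twice, and every isolation must be paired with a release path (`release_request`) that the case-closure step calls, otherwise automated isolation silently accumulates devices that nobody reconnects.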

Indicators matching

You can use threat intelligence from providers and aggregators to maintain and act on indicators of compromise (IOCs).

Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts. You can also use prevention and automated response capabilities to block execution and take remediation actions when there's a match.

Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
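As an added example (not Microsoft's code and not the MISP or ThreatConnect integration), the following Python takes feed rows in the MISP attribute style, maps them to Defender for Endpoint indicator objects, validates hashes, normalizes and de-duplicates values, and batches them for the indicators import API. It follows the statement above by assigning a blocking action only to file indicators and an alert-only action to network indicators. The feed rows are constructed, and the source label, expiry and severity choices are this example's assumptions.

```python
"""Normalize a threat-intelligence feed into Defender for Endpoint indicator objects and
batch them for POST /api/indicators/import. Added example, not Microsoft's or MISP's code;
the feed rows below are constructed and the source/expiry values are assumptions."""
import re

API = "https://api.securitycenter.microsoft.com/api"
IMPORT_BATCH = 500   # per-call limit of the indicators import API

# Constructed feed rows (MISP-style attribute type/value pairs), including rows that must be dropped.
FEED = [
    {"type": "sha256", "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
     "comment": "dropper"},
    {"type": "sha1", "value": "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
    {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e"},
    {"type": "domain", "value": "malicious.example"},
    {"type": "domain", "value": "MALICIOUS.example"},      # duplicate after normalization
    {"type": "ip-dst", "value": "203.0.113.7"},
    {"type": "url", "value": "http://malicious.example/payload.bin"},
    {"type": "email-src", "value": "x@malicious.example"},  # no MDE indicator type: dropped
    {"type": "sha256", "value": "not-a-hash"},              # malformed hash: dropped
]

TYPE_MAP = {"sha256": "FileSha256", "sha1": "FileSha1", "md5": "FileMd5",
            "domain": "DomainName", "hostname": "DomainName",
            "ip-dst": "IpAddress", "ip-src": "IpAddress", "url": "Url"}
HASH_RE = {"FileSha256": re.compile(r"^[0-9a-f]{64}$"),
           "FileSha1": re.compile(r"^[0-9a-f]{40}$"),
           "FileMd5": re.compile(r"^[0-9a-f]{32}$")}


def to_indicator(row, source, expires):
    """Map one feed row to an indicator body, or None if it cannot be expressed safely."""
    itype = TYPE_MAP.get(row["type"])
    if itype is None:
        return None
    value = row["value"].strip()
    if itype.startswith("File"):
        value = value.lower()
        if not HASH_RE[itype].match(value):
            return None            # a malformed hash never matches and only clutters the list
        action = "AlertAndBlock"   # file indicators: blocking is supported here
    else:
        if itype == "DomainName":
            value = value.lower()
        action = "Alert"           # network indicators: match and alert only
    return {
        "indicatorValue": value,
        "indicatorType": itype,
        "action": action,
        "title": "%s %s from %s" % (itype, value[:24], source),
        "description": row.get("comment") or "Imported from " + source,
        "severity": "High" if action == "AlertAndBlock" else "Medium",
        "expirationTime": expires,   # always expire feed indicators so stale IOCs age out
    }


def build_indicators(feed, source, expires):
    """Convert, validate and de-duplicate on (type, value) across the whole feed."""
    seen, out = set(), []
    for row in feed:
        ind = to_indicator(row, source, expires)
        if ind is None:
            continue
        key = (ind["indicatorType"], ind["indicatorValue"])
        if key in seen:
            continue
        seen.add(key)
        out.append(ind)
    return out


def import_requests(indicators):
    """Split into import-sized batches: list of (method, url, body) for the import API."""
    url = API + "/indicators/import"
    return [("POST", url, {"Indicators": indicators[i:i + IMPORT_BATCH]})
            for i in range(0, len(indicators), IMPORT_BATCH)]


if __name__ == "__main__":
    inds = build_indicators(FEED, "misp-feed", "2022-12-31T00:00:00Z")
    for ind in inds:
        print(ind["indicatorType"], ind["action"], ind["indicatorValue"])
    print(len(import_requests(inds)), "import request(s)")
```

The expiry is deliberately mandatory: indicator feeds churn, and a blocking hash or domain without an `expirationTime` stays in the tenant until someone notices the false positive. The import call needs the Ti.ReadWrite or Ti.ReadWrite.All application permission, and a production loader should also de-duplicate against the indicators already present (GET /api/indicators) rather than only within one feed run.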

Support for non-Windows platforms

Defender for Endpoint provides a centralized security operations experience for Windows and non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network.


What is Cortex XDR used for?

Cortex XDR is the world's first detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.

What is Prisma access Palo Alto?

Prisma Access helps you deliver consistent security to your remote networks and mobile users. All your users—at headquarters, office branches, and on the road—connect to Prisma Access to safely use the internet and cloud and data center applications.

What is Palo Alto XDR?

Palo Alto's Cortex XDR is an extended detection and response platform that monitors and manages cloud, network, and endpoint events and data. Cortex XDR combines features for incident prevention, detection, analysis, and response into a centralized platform.

What does Prisma Saas add to the Palo Alto Networks SASE solution?

It provides advanced capabilities in risk discovery, adaptive access control, data loss prevention, compliance assurance, data governance, user behavior monitoring, and advanced threat prevention.