Microsoft Defender Integration

Incoming webhook integration with Microsoft Defender for Endpoint

This integration requires a Microsoft Power Automate license for the owner-user

Configuring this integration enables Rezonate's ITDR engine to cross-correlate identity threats from Endpoint detections, and to improve MTTR.

Configuration Guide

To set up the integration please follow the following steps:

  1. Browse to the Rezonate integrations screen, add a new Integration, and select Microsoft Defender. Pick a name for the application and copy the webhook URL that appears on the integration screen. Take note of it as we will use it later in the microsoft configuration part.

  2. Browse to and Click Create.

  3. Click on the All Connectors button at the bottom right of the page, search for “ATP” and select the Microsoft Defender ATP app.

  4. After that, select “Triggers - Trigger when new WDATP alert occurs”.

  5. Now authorized, inside the workflow board, click the + icon below the Defender block and add an action.

  6. Select HTTP Webhook (first option), and Click the new webhook block, to set up the parameters, including the target URL that you copied from Rezonate.

  1. Click the 3 dots icon and more commands, and a menu will appear, choose Turn on to enable the new flow.

Last updated