EDR Alerts
Endpoint Detection and Response alerts from Microsoft Defender for Endpoint. View, investigate, and respond to threats detected on managed endpoints.
Alert Severity
| Severity | Description |
|---|---|
| Critical | Active threats requiring immediate response |
| High | Significant threats with potential for damage |
| Medium | Suspicious activity warranting investigation |
| Low | Minor anomalies for awareness |
Alert Categories
- Malware — Detected malicious software
- Suspicious activity — Behavioral anomalies
- Unwanted software — Potentially unwanted application (PUA) detections
- Credential access — Credential theft attempts
- Lateral movement — Network spreading activity
- Command and control — C2 communication detected
Investigation Actions
- View alert timeline and related events
- Examine file and process details
- Check device risk score and exposure level
- Run automated investigation
- Initiate live response session
API Reference
- GET /api/security/edr/alerts — List EDR alerts
- PUT /api/security/edr/alerts/:id — Update alert status
- POST /api/security/edr/alerts/:id/investigate — Start investigation
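As an added example that is not part of this page or the product's own client code, the helper below applies the severity table above to alerts fetched from the list endpoint and builds the investigate requests for the urgent ones. The alert fields id, severity, category and device are assumed, since the page does not document the response schema, and the sample alerts are constructed.

```python
"""Triage helper for alerts from GET /api/security/edr/alerts.

Assumption: each alert is a dict with id, severity, category and device;
the real response schema is not given on this page.
"""
from typing import Dict, List, Tuple

# Severity ranking from the Alert Severity table: lower number = more urgent.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
UNKNOWN_RANK = len(SEVERITY_RANK)  # sorts after every documented severity

# Categories from the Alert Categories list; anything else is flagged for review.
KNOWN_CATEGORIES = {
    "Malware", "Suspicious activity", "Unwanted software",
    "Credential access", "Lateral movement", "Command and control",
}

# Constructed sample alerts standing in for an API response (not real data).
SAMPLE_ALERTS: List[Dict[str, str]] = [
    {"id": "a-102", "severity": "Medium", "category": "Suspicious activity", "device": "ws-07"},
    {"id": "a-101", "severity": "Critical", "category": "Command and control", "device": "srv-db1"},
    {"id": "a-103", "severity": "Low", "category": "Unwanted software", "device": "ws-07"},
    {"id": "a-104", "severity": "High", "category": "Credential access", "device": "ws-12"},
    {"id": "a-105", "severity": "Bogus", "category": "Malware", "device": "ws-03"},
]


def severity_rank(alert: Dict[str, str]) -> int:
    """Rank per the table; an unrecognised severity is kept but sorted last."""
    return SEVERITY_RANK.get(alert.get("severity", ""), UNKNOWN_RANK)


def rank_alerts(alerts: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Order alerts most urgent first, ties broken by id for a stable queue."""
    return sorted(alerts, key=lambda a: (severity_rank(a), a["id"]))


def investigation_requests(alerts: List[Dict[str, str]], threshold: str = "High") -> List[Tuple[str, str]]:
    """(method, path) pairs that start an investigation for alerts at or above the threshold."""
    limit = SEVERITY_RANK[threshold]
    return [("POST", f"/api/security/edr/alerts/{a['id']}/investigate")
            for a in rank_alerts(alerts) if severity_rank(a) <= limit]


def needs_manual_review(alerts: List[Dict[str, str]]) -> List[str]:
    """Ids whose severity or category is not one the page documents."""
    return [a["id"] for a in alerts
            if a.get("severity") not in SEVERITY_RANK or a.get("category") not in KNOWN_CATEGORIES]


def alerts_per_device(alerts: List[Dict[str, str]]) -> Dict[str, int]:
    """Count alerts per device; several alerts on one host are worth a device-level look."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a["device"]] = counts.get(a["device"], 0) + 1
    return counts
```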