Microsoft Defender for Endpoint Events

Cortex XSIAM 3.x Documentation

Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-16
Category
Administrator Guide
Abstract

Learn more about the Microsoft Defender for Endpoint Events Collector and content pack integrations in Cortex XSIAM.

You can collect Microsoft Defender for Endpoint raw EDR event data using either a Standard Collector or a content pack integration:

Microsoft Defender for Endpoint vendor | Description

Standard Collector overview | Forward raw EDR event data from Microsoft Defender for Endpoint, streamed to Azure Event Hubs, to Cortex XSIAM using the Microsoft Defender for Endpoint Events data source.

Link to Standard Collector instructions | Ingest raw EDR events from Microsoft Defender for Endpoint

Links to content pack / integration details | The Microsoft Defender for Endpoint content pack provides a unified platform within Cortex XSIAM to deliver preventative protection, post-breach detection, automated investigation, and response for endpoints across Windows, macOS, Linux, Android, iOS, and network devices. It contains the following integrations:

  • Microsoft Defender for Endpoint: Use this integration to connect to the MDE platform and import events as Cortex XSIAM issues to facilitate investigation and remediation actions. It includes playbooks, an automation script, and commands that perform endpoint investigation and response, collect indicator and file statistics, and retrieve authentication and permission details. You can run the commands from the CLI, as part of an automation, or in a playbook. After a command executes successfully, a DBot message with the command details appears in the War Room.

  • Microsoft Defender for Endpoint Alerts (deprecated): Use the Office 365 data source (Standard Collector) instead.