Configure Get Related Machines from Defender Capability in Microsoft Defender for Endpoint

  • Release version: Australia
  • Updated Mar 12, 2026
  • 1 min read
  • Get the list of related machines of specific observables.

    Before you begin

    Note:
    Supported Observable Types are Domain name, SHA1 hash, and Username.
    Role required: sn_si.admin or sn_si.analyst

    Procedure

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
    3. In the Related links section, click Show IoC.
    4. Click the Associated Observables related list.
    5. Select the associated observables.
    6. From the Actions list, select the Get Related Machines from Defender capability.
    7. Validate the automation activity and activities section.
    8. View the data, and validate the Microsoft Defender for Endpoint Related Machines details on the related lists.
    9. View the automation activities of the execution, and validate them.