BlueApp for Microsoft Defender Advanced Threat Protection

Automate threat detection and response with Microsoft Defender Advanced Threat Protection

  • Defended Advanced Endpoint Protection
  • Endpoint
  • Detection
  • Response

BlueApps extend USM Anywhere’s threat detection and orchestration capabilities to other security tools at no additional cost.

Advanced endpoint detection and response agents can play a critical role in an organization's threat detection and response strategy. The BlueApp for Microsoft Defender ATP enhances the threat detection and response capabilities of USM Anywhere by collecting and analyzing log data from the Defender API, and it provides orchestration actions to streamline incident response activities.

The app includes the following capabilities:

Log collection

  • Customize log collection via the Microsoft API
  • Correlation rules from LevelBlue Labs automatically detect security incidents
A dedicated MS Defender dashboard becomes available within USM Anywhere as soon as data is being collected from MS Defender ATP. It includes the following data elements:

  • Events trend
  • Action type
  • Security score
  • Top 10 machines at risk
  • Top 10 users at risk
  • Top quarantined files
  • Top quarantined machines
  • Top suspicious URLs
  • Top suspicious IPs

Orchestration Actions

The BlueApp for MS Defender ATP provides a set of orchestration actions that let customers quickly act on an endpoint. A SOC operator can run these actions manually in response to a USM Anywhere alarm or event, or they can be configured to run automatically with no user involvement. Actions include:

  • Isolate a machine from the network with the self-quarantine feature
  • Quarantine/block a file: stop the endpoint from being able to access or execute a local file
  • Collect an investigation package for an in-depth evaluation of an endpoint
  • Set IOCs: files, hosts and domains that should be blocked
  • Get file statistics
  • Get domain statistics

Why you’ll love the BlueApp for Microsoft Defender Advanced Threat Protection

Accelerate time to detection & response

  • Help detect threats against your on-premises and cloud environments, and your SaaS applications, directly in USM Anywhere
  • Investigate incidents efficiently with rich, contextualized threat data in a single pane of glass
  • Automatically isolate compromised systems

Save time & money

  • Help reduce the time and expense of integrating multiple security products
  • Combine five essential security capabilities plus a growing ecosystem of BlueApps in one single console
  • Focus on threat response—not writing complex security analytics rules (AlienVault Labs does that for you!)

Extend your security monitoring capabilities

  • Aggregate alerts and events from the Microsoft ATP agent
  • Know what activities and changes are happening across your endpoints directly from USM Anywhere
  • Centrally monitor and analyze events and alerts gathered from all your security point products within USM Anywhere