Thanks for your interest in Microsoft Defender ATP (MDATP)!
This repository hosts Powershell (PoSh) script samples for "Live Response" in your Microsoft Defender ATP (a part of the Microsoft 365 Threat Protection (MTP)).
Any scripts that further this goal are welcome.
2004 (20H1)
1909 (19H2)
1903 (19H1)
1809 (RS5)
1803 (RS4)
1709 (RS3)
1903 (19H1): KB4515384
1809 (RS5): KB4537818
1803 (RS4): KB4537795
1709 (RS3): KB4537816
Live response
Autoresolve remediated alerts
Take response actions on a file
Investigate entities on devices using live response
Initiate Live Response Session
Troubleshoot Microsoft Defender Advanced Threat Protection live response issues
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.