Entity Guard Investigator Agent

Author: adaQuest

Investigates Defender incidents and delivers clear risk verdicts with actionable insights.

The Entity Guard Investigator Agent determines whether identities and related entities referenced by a Microsoft Defender incident are compromised. Starting from a Defender IncidentId, the agent extracts entities (users, email addresses & message IDs, devices, IPs, URLs/domains, file hashes), enriches them with Microsoft Entra identity signals, Defender device posture, Threat Intelligence (DTI) reputation, and optionally Intune compliance. It then produces a human-readable verdict per entity with concise evidence and prioritized actions.
