Microsoft Defender machine investigation brief
Read-only investigation brief for one Microsoft Defender for Endpoint machine. It reads machine posture, related alerts, discovered vulnerabilities, observed logon users, and recent machine actions through recued-core.microsoft-defender-endpoint, then asks the AI summarizer for incident context, endpoint risk, vulnerable software signals, and next steps. It never isolates, releases isolation, updates alerts, runs live response, offboards devices, scans, quarantines files, collects packages, mutates tags, or calls arbitrary Defender APIs.
How it works
Inspect the data fetches, transforms, gates, and output this recipe runs.
Settings
Configurable at install. Defaults shown — change them anytime in Recued.
focus
setting
=
Summarize this Defender for Endpoint machine's risk score, exposure level, health, OS, last seen time, related alerts, logon users, discovered vulnerabilities, recent machine actions, likely priority, and concrete next steps. Do not invent facts outside the Defender data.
row limit
setting
=
20
machine id
setting
=
max length
setting
=
900
microsoft defender
setting
=
Trust & control
What installing this recipe would let it do. Recued grants these permissions at install — review them there before approving.