Microsoft Defender endpoint security digest
Scheduled read-only Microsoft Defender for Endpoint security digest. It reads bounded pages of active alerts, high-risk machines, recent machine actions, security recommendations, vulnerabilities, and the organizational exposure score through recued-core.microsoft-defender-endpoint, renders compact tables, and optionally sends an in-app nudge when matching alerts or machines are visible. It never runs advanced hunting passthrough, live response, offboarding, antivirus scans, file quarantine actions, package collection, tag mutation, indicator mutation, bulk alert updates, raw exports, or arbitrary Defender APIs.
How it works
Inspect the data fetches, transforms, gates, and output this recipe runs.
Settings
Configurable at install. Defaults shown — change them anytime in Recued.
channels
setting
=
in_app
end hour
setting
=
10
weekdays
setting
=
1,2,3,4,5
row limit
setting
=
20
start hour
setting
=
8
alert filter
setting
=
status ne 'Resolved' and severity ne 'Informational'
machine filter
setting
=
riskScore ne 'None' or exposureLevel ne 'None'
microsoft defender
setting
=
notify when findings
setting
=
true
vulnerability filter
setting
=
severity eq 'Critical' or severity eq 'High'
machine action filter
setting
=
status ne 'Succeeded'
recommendation filter
setting
=
status eq 'Active'
Trust & control
What installing this recipe would let it do. Recued grants these permissions at install — review them there before approving.