SEP Event Monitoring/Remediation with Workflow
As we're starting to go forward with our SEP remediation workflow, I'm curious to see if any others in the community are using Workflow to monitor SEP events? If so, how are you going about doing it? I've seen a few videos posted and got a few ideas but wonder what else others are doing. Any feedback would be great!
Our plan is to monitor the events by SQL query and take appropriate action based on certain triggers. We're planning to automate the update and scanning and if that doesn't resolve the issue then possibly move the machine to a lockdown group if there are numerous events. Then of course create a ticket in our Helpdesk (ServiceNow) and route it to the appropriate group.