The XDR module connects ContraForce to Microsoft Defender XDR, giving you incident visibility, entity enrichment, and Gamebook response actions without any Azure infrastructure.

What’s Included

  • Defender XDR incident ingestion and correlation
  • Entity enrichment (users, devices, IPs, files, URLs)
  • Full Gamebook response actions (isolate, disable, quarantine, etc.)
  • Multi-tenant management across all Defender tenants
  • Endpoint visibility via the Endpoints page

What’s NOT Included

Sentinel incidents, CMS detection rules, email notifications, log search, and Azure Lighthouse are not part of the XDR module. These require the XDR + SIEM module.

Deployment

Deployment takes 15–20 minutes with no Azure resources required. Follow the Platform Onboarding guide and select the XDR module. For the full deployment guide, see XDR Module Deployment.