Forum Discussion
Collecting Security Events from Endpoint devices
- May 02, 2022
MDE does gather login/logoff events as well as registry-related events, and also gives you access to these events in Advanced Hunting.
You can also create custom detection rules using KQL to create alerts, which could help you with detections.
However, I don't think all security events are gathered, so it is hard to tell if this will be enough.
There is no list of threats that MDE hunts for, or which type of events MDE will make available in advanced hunting, and you cannot choose what events to gather.
Therefore, I do not think there is a clear-cut answer here.
You will need to try and see what can be found within Advanced Hunting on your own.
If this is enough, you can use MDE. If it is not enough, you will likely require AMA.
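To make the reply above concrete, here is an added example (not part of the original post) of the kind of Advanced Hunting queries it refers to: one over the logon/logoff events in `DeviceLogonEvents` and one over the registry events in `DeviceRegistryEvents`, each shaped so it can be saved as a custom detection rule (which requires the `Timestamp`, `DeviceId` and `ReportId` columns in the output). The 1-hour window, the failure threshold of 10 and the process-name noise filter are illustrative assumptions, not settings from the post or from Microsoft.

```kql
// Added example, not from the original post. Assumes the standard MDE advanced hunting
// tables DeviceLogonEvents and DeviceRegistryEvents. The lookback, the failure threshold
// and the excluded process names are illustrative choices; tune them for your estate.
// Each query below is run on its own in the Advanced Hunting editor.

// ---- Query 1: many failed logons followed by a successful one, per device and account ----
let lookback = 1h;
let failure_threshold = 10;
let failures =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonFailed"
    | summarize FailedCount = count(),
                FirstFailure = min(Timestamp),
                LastFailure  = max(Timestamp)
              by DeviceId, AccountName
    | where FailedCount >= failure_threshold;
DeviceLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonSuccess"
| join kind=inner failures on DeviceId, AccountName
// only keep successes that happened after the run of failures
| where Timestamp > LastFailure
| project Timestamp, DeviceId, DeviceName, AccountName, LogonType, RemoteIP,
          FailedCount, FirstFailure, LastFailure, ReportId

// ---- Query 2: new or modified autostart entries under the per-user and machine Run keys ----
let lookback = 1h;
DeviceRegistryEvents
| where Timestamp > ago(lookback)
| where ActionType in ("RegistryValueSet", "RegistryKeyCreated")
| where RegistryKey contains @"\Microsoft\Windows\CurrentVersion\Run"
// illustrative noise filter: common installer/service hosts that legitimately write Run keys
| where InitiatingProcessFileName !in~ ("msiexec.exe", "svchost.exe")
| project Timestamp, DeviceId, DeviceName, ActionType, RegistryKey, RegistryValueName,
          RegistryValueData, InitiatingProcessFileName, InitiatingProcessCommandLine, ReportId
```

Running queries like these against your own tenant is also the quickest way to answer the question raised in the reply: the set of columns and `ActionType` values that actually come back tells you which events MDE is surfacing for your devices, and whether that coverage is enough before you decide on AMA.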