Forum Discussion
Correlation with logs in Sentinel between MDATP logs
How can I access data in the located in the Advanced Hunting in MDATP like DeviceInfo and correlate it with logs in Sentinel like SecurityEvents? Now I only get the alerts from MDATP in to Sentinel.
1 Reply
- It's not available by default, you would need to stream all MDATP events to Sentinel with the streaming API (https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-streaming-api-public-preview-diy-example/ba-p/769427)
Keep in mind that this will generate A LOT of data and your cost of Sentinel will increase
