Forum Discussion

Humza_Bukhari's avatar
Humza_Bukhari
Copper Contributor
Sep 22, 2023

SecurityAlert (MDATP) showing disable and we are not receiving logs In sentinel from M365 Defender

We have tried every possible way but still we are unable to receive any logs after connecting the data connector in sentinel for microsoft defender 365 .  SecurityAlert (MDATP) is showing disable . s...
Humza_Bukhari's avatar
Humza_Bukhari
Copper Contributor
Sep 22, 2023
we are using microsoft 365 defender , we ahave also tried microsoft defender for endpoint but both in vain and not receiving any logs
elieelkarkafi's avatar
elieelkarkafi
MVP
Sep 22, 2023

Humza_Bukhari did you check the connector settings as below and if you have the right permissions in the workspace? 

 

    • elieelkarkafi's avatar
      elieelkarkafi
      MVP
      Sep 22, 2023

      have your tried to trigger an alert from MDE and see if the signal will be turned out to green ? also have you activate the analytic rule related to MDE to ingest the logs to sentinel ?

      • Humza_Bukhari's avatar
        Humza_Bukhari
        Copper Contributor
        Sep 22, 2023

        elieelkarkafi  yes as you can see i have already created this but unfortunately didnt get any logs . i have tried every possible way but all in vain

         

  • Humza_Bukhari's avatar
    Humza_Bukhari
    Copper Contributor
    Sep 22, 2023
    yes i have already check the connector setting but as i said earlier its is showing disable and greyed out .

Resources