Forum Discussion
SecurityAlert (MDATP) showing disabled and we are not receiving logs in Sentinel from M365 Defender
Have you tried to trigger an alert from MDE to see if the signal turns green? Also, have you activated the analytic rule related to MDE to ingest the logs to Sentinel?
- Humza_Bukhari, Sep 22, 2023, Copper Contributor
eliekarkafy Yes, as you can see, I have already created this but unfortunately didn't get any logs. I have tried every possible way, but all in vain.
- eliekarkafy, Sep 22, 2023, MVP
Humza_Bukhari Did you verify the permissions as well?
Try running the query below on your analytics workspace to see if there are any logs ingested from Defender:
let Now = now();
(range TimeGenerated from ago(14d) to Now-1d step 1d
| extend Count = 0
| union isfuzzy=true (
SecurityIncident
| where ProviderName == "Microsoft 365 Defender"
| summarize Count = count() by bin_at(TimeGenerated, 1d, Now)
)
| summarize Count=max(Count) by bin_at(TimeGenerated, 1d, Now)
| sort by TimeGenerated
| project Value = iff(isnull(Count), 0, Count), Time = TimeGenerated, Legend = "Events")
| render timechart
- LauriK000, Oct 18, 2023, Copper Contributor