Forum Discussion
Humza_Bukhari
Sep 22, 2023 (Copper Contributor)
SecurityAlert (MDATP) showing disabled and we are not receiving logs in Sentinel from M365 Defender
We have tried every possible way, but we are still unable to receive any logs after connecting the data connector in Sentinel for Microsoft Defender 365. SecurityAlert (MDATP) is showing disabled. s...
Humza_Bukhari
Sep 22, 2023 (Copper Contributor)
eliekarkafy Yes, I have verified the permissions I have. Plus, this is the response I get by running the query which you provided.
eliekarkafy
Sep 22, 2023 (MVP)
Humza_Bukhari OK, let's do this exercise: from one of your devices onboarded to MDE, create a malicious test file using the link below, save it as EICAR.com on the desktop, and let MDE catch it and remediate it. Check the alerts in the portal and keep an eye on Sentinel at the same time to see if this triggers the signal.
How to Create a Malicious Test File (EICAR) - Carbon Black Community
- Humza_Bukhari, Sep 26, 2023 (Copper Contributor): Okay eliekarkafy, thank you for your support.
- eliekarkafy, Sep 26, 2023 (MVP): If you configured and checked all the above options and you triggered an alert and still no data is ingested to Sentinel to MDE, then you have something wrong in the backend, and the only way is to contact the Microsoft security support team to check your tenant.
- Humza_Bukhari, Sep 26, 2023 (Copper Contributor): Please guide me on how I can get these logs into Sentinel.
- Humza_Bukhari, Sep 26, 2023 (Copper Contributor):
eliekarkafy Hi bro, I have configured and connected the data connector of Defender with Microsoft Sentinel, but I am still unable to receive this data.
- Humza_Bukhari, Sep 22, 2023 (Copper Contributor): Okay, I have tried this; let's see what happens and I will update you.