Forum Discussion

Justinvw123CT's avatar
Justinvw123CT
Copper Contributor
May 04, 2021

Azure Security Centre and Sentinel sharing LAW

I have a question and am hoping someone can clarify something for me. We are working on a project deploying Azure Security Centre and Azure Defender (leveraging Qualys scanning engine) for vulnerability scanning capability, and consolidate the logs and metrics to a centralised Log Analytics Workspace. We also have a Sentinel project using its own Log Analytics Workspace. Am i correct in saying that when we deploy the LAW agents and Qualys agent it should be pointing to the same central log analytics that Sentinel uses? Or should it be using another Log Analytics Workspace and then use the connector to Sentinel? The Sentinel Project is looking for clarification why we should be using the Sentinel LAW instead of our own.

Resources