Forum Discussion
Getting server error adding XDR
When I try and add the data connector Microsoft Defender XDR to my Sentinel I'm getting the following error:
Categories AdvancedHunting-UrlClickEvents, AdvancedHunting-EmailAttachmentInfo, AdvancedHunting-EmailEvents, AdvancedHunting-EmailUrlInfo, AdvancedHunting-EmailPostDeliveryEvents are not supported.
I've reached out to Microsoft for assistance and have not had any luck so far. If someone can help resolve the issue I would appreciate it.
2 Replies
- Ankit (Brass Contributor)
Hi,
From what I understand, this issue is likely due to the fact that the Microsoft Defender XDR data connector only supports a specific set of categories, and the ones you're trying to add are not part of that set.
Below is the set supported by the data connector:
| Table name | Events type |
| --- | --- |
| DeviceInfo | Machine information, including OS information |
| DeviceNetworkInfo | Network properties of devices, including physical adapters, IP and MAC addresses, as well as connected networks and domains |
| DeviceProcessEvents | Process creation and related events |
| DeviceNetworkEvents | Network connection and related events |
| DeviceFileEvents | File creation, modification, and other file system events |
| DeviceRegistryEvents | Creation and modification of registry entries |
| DeviceLogonEvents | Sign-ins and other authentication events on devices |
| DeviceImageLoadEvents | DLL loading events |
| DeviceEvents | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
| DeviceFileCertificateInfo | Certificate information of signed files obtained from certificate verification events on endpoints |
Thanks,
let me know if you have any questions 🙂
- jwcarter (Copper Contributor)
Thanks Ankit for the fast reply. I see those sets (Microsoft Defender for Endpoint) are right above the Microsoft Defender for Office 365 set on the Microsoft Defender XDR page. I was able to add the Microsoft Defender Alerts (AlertInfo and AlertEvidence), so I assume the Office 365 alerts should also be supported.