Forum Discussion

Copper Contributor

Jun 16, 2022

Azure Sentinel Side by Side with QRadar

Hi, quick question: in the "Event Filter" on Qradar we add: vendorInformation/provider eq 'Azure Sentinel' to get Sentinel events but is it possible to include another azure instances such as ...

microsoft defender for cloud

microsoft defender for cloud apps

microsoft defender for endpoint

Rod_Trent

Microsoft

Jun 16, 2022

Jesto001 A couple ways.

As a query example...

SecurityAlert
| where ProductName == "Microsoft Cloud App Security"

Using a filter in the UI (example in Incidents)...

Clive_Watson

Bronze Contributor

Jun 17, 2022

also

SecurityAlert
| where ProductName in ("Microsoft Cloud App Security","product A","product B")