Defender ATP data integration

Is it/will it ever be possible to query or pull in data from the underlying workspace that ingests all data from Defender endpoint agents?

Nicholas DiCola (SECURITY JEDI)
Sep 26, 2019
Teezius

Not sure yet. We are exploring this. you can import the data today by using MDATP streaming API -> Event Hub -> Logic App -> Log Analytics.

NOTE: you will incur costs for EH, Logic App, Log A, and Azure Sentinel. So copying all the data might not make sense. It might be better to have a playbook to query MDATP and bring only needed data back to Azure Sentinel.

Nicholas DiCola (SECURITY JEDI)

Former Employee

Sep 26, 2019

Teezius

Not sure yet. We are exploring this. you can import the data today by using MDATP streaming API -> Event Hub -> Logic App -> Log Analytics.

NOTE: you will incur costs for EH, Logic App, Log A, and Azure Sentinel. So copying all the data might not make sense. It might be better to have a playbook to query MDATP and bring only needed data back to Azure Sentinel.

David Caddick

Iron Contributor

Jun 20, 2020

Or try using MTP Advanced Hunting
Depends what you're looking for?

Forum Discussion

Defender ATP data integration