Forum Discussion
AnalystGuy
Aug 12, 2020 · Copper Contributor
Getting Office 365 Security Events and Incidents in Sentinel
I’ve created a custom detection in Office 365’s security portal that generated an incident, but that incident is not showing up in Azure Sentinel. I’ve done queries in Sentinel via the...
Thijs Lecomte
Aug 26, 2020 · Bronze Contributor
I see
Then I would advise you to connect MDATP to Sentinel (https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protection)
And enable the analytics rule - Create incidents based on Microsoft Defender Advanced Threat Protection alerts
AnalystGuy
Sep 11, 2020 · Copper Contributor
Thank you, I'll investigate...