Forum Discussion
Office365 S&C Alerts available in Sentinel?
- Jan 09, 2020
If I'm not mistaken, the Office Security & Compliance Center Alerts Connector is currently in private preview.
Alternatively, you could ingest these alerts via the Graph Security API: https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888
Hey all, thanks for the quick replies! We do have all connectors live for the security solutions and have the MCAS/WDATP/ASC/IdentityProtection Analytics rules enabled.
The question was indeed about O365 alerts (not the events/logs) feeding into Sentinel. I'll give the Graph API way a shot for now! We want to be on top of 'clicked-on-phishing-link' alerts as they present a significant risk to our org, so having these alerts in Sentinel would be really helpful.
Cheers, Maarten.
Having the same issue, were you able to integrate the alerts into Sentinel?
- Ofer_Shezaf Jun 01, 2020
Microsoft
Hi CurlX2305, a private preview for O365 SCC alerts is about to start. Join our Private Previews program to participate.
- CurlX Jun 29, 2020 Copper Contributor
Ofer_Shezaf Do you know the name of the preview? Is it the "MDATP Alert Integration Improvements" private preview?
- Ofer_Shezaf Jun 29, 2020
Microsoft
CurlX: No. Not sure what the official name is, but it would be Office ATP and not MDATP.