Forum Discussion

kylemiller061's avatar
kylemiller061
Brass Contributor
Apr 21, 2020

MDATP Alert Tactic Not Surfaced in Log Analytics

When reviewing incidents in Sentinel that have been generated by the MDATP connector, most of the time the tactic associated to the activity at the endpoint alert level is also visible within the Sen...
microsoft defender for endpoint
Sarah_Young's avatar
Sarah_Young
Icon for Microsoft rankMicrosoft
Apr 22, 2020

kylemiller061 you can achieve this by using a Logic App to enrich the data coming from MDATP using the API, it is not available via the connector at this time.

 

Thanks!

Sarah

Resources