Forum Discussion
jjsantanna
Jul 14, 2020
Brass Contributor
Requesting a bit more integration between MCAS, AATP, MDATP, O365ATP with Sentinel
Some alarms coming from MDATP to Sentinel, for example "Suspicious URL clicked", do not provide the actual URL. To discover the actual URL you must access MDATP. This specific alarm is usually triggered based on O365ATP. Similarly, some alarms coming from AATP to Sentinel, for example "Remote code execution attempt", are usually triggered after someone clicked on a URL. However, to access the actual URL you must access AATP. This specific alarm is usually triggered by MCAS and forwarded to AATP. It means that in this case you need to access MCAS.
Problem/request 0: it would be nice if the MS-sec-boxes shared all information from their alarms (e.g. URLs) with Sentinel. Is there any timeline to add more information? When? Which information?
Problem/request 1: MCAS, AATP, MDATP, O365ATP are not 'integrateable' via Azure Lighthouse. Therefore, MSSPs cannot access/manage those MS-sec-solutions. Perhaps the RBAC 'security reader' and/or 'security contributor' could eventually enable access to those solutions. Is there any intention in this direction?
Thanks
- Rod_Trent
Microsoft
jjsantanna Hi. Have you considered joining our Private Preview program? By joining, you will have access to test upcoming releases and be able to ask those questions directly to the team in a private Teams channel.
You can find a link to join in the Sentinel console:
- jjsantanna
Brass Contributor
Thanks Rod_Trent, we are already there. Would be nice if someone from the community answers those "questions" because we share the discussion with our customers.
- Thijs Lecomte
Bronze Contributor
I understand your pain.
We have built a layer on top of Sentinel, which does that correlation through the APIs of the different products.