Unified Security Operation Sentinel Vs Defender Tables
ahmad_zuhd hi,
Technically, this example is not wrong, as you may not be feeding the DeviceLogonEvents table into Sentinel. While all tables available in XDR can be forwarded to Sentinel, that doesn't mean you've checked the relevant boxes by default in the connector. On the other hand, having a common space for Sentinel and XDR (Unified SOC) allows building queries which would include both the SigninLogs and DeviceLogonEvents tables.
From a broader perspective, through Unified Security Operations you may want to pivot between XDR and Sentinel far less: you can build both detection rules (XDR) and analytics (Sentinel), have access to your workbooks, and perform threat hunting and many other Sentinel functionalities in the XDR portal.
I hope this answered your question.
If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like
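A cross-table hunting query of the kind the reply describes, as an added example that is not part of the original post. It assumes the workspace is onboarded to the unified portal so both tables are queryable from advanced hunting; the one-day lookback, the one-hour window, and the matching of accounts on the UPN prefix are illustrative choices.

```kusto
// Added example: correlate failed Entra ID sign-ins (Sentinel table) with
// successful remote device logons (XDR table) for the same account and source IP.
let lookback = 1d;   // assumed hunting period
let window = 1h;     // assumed gap allowed between last failure and device logon
let failedSignins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                        // "0" is a successful sign-in
    // Heuristic: DeviceLogonEvents has no UPN column, so match on the UPN prefix.
    | extend AccountName = tolower(tostring(split(UserPrincipalName, "@")[0]))
    | summarize FailedSignins = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
        by AccountName, UserPrincipalName, SourceIP = IPAddress;
DeviceLogonEvents
// XDR tables use Timestamp in advanced hunting; use TimeGenerated instead
// when querying the copy ingested into the Sentinel workspace.
| where Timestamp > ago(lookback)
| where ActionType == "LogonSuccess"
| where LogonType in ("RemoteInteractive", "Network")
| extend AccountName = tolower(AccountName)
| join kind=inner failedSignins on AccountName
| where RemoteIP == SourceIP
| where Timestamp >= FirstFailure and Timestamp <= LastFailure + window
| project Timestamp, DeviceName, AccountName, UserPrincipalName,
          LogonType, RemoteIP, FailedSignins, FirstFailure, LastFailure
| sort by Timestamp desc
```

If DeviceLogonEvents is not selected in the Defender XDR connector, the same query run from the Sentinel workspace alone fails to resolve that table, which is the situation the reply describes.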