Microsoft Tech Community

Defender ATP data integration


Is it/will it ever be possible to query or pull in data from the underlying workspace that ingests all data from Defender endpoint agents?

Solution

@Teezius 

Not sure yet. We are exploring this. You can import the data today by using the MDATP streaming API -> Event Hub -> Logic App -> Log Analytics.

NOTE: You will incur costs for EH, Logic App, Log A, and Azure Sentinel. So copying all the data might not make sense. It might be better to have a playbook to query MDATP and bring only needed data back to Azure Sentinel.

Or try using MTP Advanced Hunting.
Depends on what you're looking for?
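The forwarding step of the pipeline the accepted answer sketches (streaming API -> Event Hub -> Logic App -> Log Analytics), as an added example that is not from this thread: it keeps only the categories and fields worth paying to ingest, then builds the signed Log Analytics HTTP Data Collector API request. The Event Hub message layout, the category and field names and the sample records are constructed assumptions; check them against your own feed.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed Event Hub message in the "records" array shape the streaming API exports
# (category and property names are assumptions, verify against your own Event Hub).
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2020-05-01T10:00:00Z", "category": "AdvancedHunting-DeviceProcessEvents",
     "properties": {"Timestamp": "2020-05-01T10:00:00Z", "DeviceName": "wks01",
                    "ActionType": "ProcessCreated", "FileName": "powershell.exe",
                    "ProcessCommandLine": "powershell.exe -File script.ps1"}},
    {"time": "2020-05-01T10:00:01Z", "category": "AdvancedHunting-DeviceFileEvents",
     "properties": {"Timestamp": "2020-05-01T10:00:01Z", "DeviceName": "wks01",
                    "ActionType": "FileCreated", "FileName": "report.docx"}},
]})

WANTED_CATEGORIES = {"AdvancedHunting-DeviceProcessEvents"}   # tables you actually need
WANTED_FIELDS = {"Timestamp", "DeviceName", "ActionType", "FileName"}  # columns you need

def select_records(message_body: str) -> list:
    """Drop categories and fields that would only add Log Analytics ingestion cost."""
    kept = []
    for rec in json.loads(message_body).get("records", []):
        if rec.get("category") not in WANTED_CATEGORIES:
            continue
        row = {k: v for k, v in rec.get("properties", {}).items() if k in WANTED_FIELDS}
        row["Category"] = rec["category"]
        kept.append(row)
    return kept

def shared_key_signature(workspace_id: str, shared_key_b64: str, body: bytes, rfc1123_date: str) -> str:
    """Authorization header for the Log Analytics HTTP Data Collector API (SharedKey scheme)."""
    string_to_sign = f"POST\n{len(body)}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"
    mac = hmac.new(base64.b64decode(shared_key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    return f"SharedKey {workspace_id}:{base64.b64encode(mac.digest()).decode('ascii')}"

def build_ingest_request(workspace_id, shared_key_b64, log_type, rows, now=None) -> dict:
    """Assemble the POST (URL, headers, body) a Logic App or script would send; no network call here."""
    now = now or datetime.now(timezone.utc)
    date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(rows).encode("utf-8")
    return {
        "url": f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        "headers": {"Content-Type": "application/json", "Log-Type": log_type, "x-ms-date": date,
                    "Authorization": shared_key_signature(workspace_id, shared_key_b64, body, date)},
        "body": body,
    }
```

The filtered rows land in Log Analytics as the custom table `<log_type>_CL`, which is what the playbook-style "bring only needed data back" approach in the answer amounts to.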
