cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Defender ATP Azure Sentinel Connector omits lot of important Alert information

%3CLINGO-SUB%20id%3D%22lingo-sub-1268483%22%20slang%3D%22en-US%22%3EMicrosoft%20Defender%20ATP%20Azure%20Sentinel%20Connector%20omits%20lot%20of%20important%20Alert%20information%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1268483%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20sad%20to%20see%20Microsoft%20defender%20ATP%26nbsp%3BConnector%20at%20Azure%20Sentinel%20does%20not%20get%20all%20the%20required%20alert%20information%20as%20compared%20to%20Graph%20API.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDetails%20like%26nbsp%3BUser%20information%2C%26nbsp%3BIP%20Information%2C%20Threat%20Category%20%26amp%3B%20Threat%20Family%20are%20omitted.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBuilding%20any%20custom%20playbook%20to%20get%20these%20data%20is%20additionally%20charged%20although%20ingestion%20of%20Microsoft%20data%20is%20free.%26nbsp%3B%20%26nbsp%3BConnector%20needs%20improvement.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1268483%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Sentinel%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Sentinel%20Connector%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMDATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Defender%20ATP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1327262%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20Azure%20Sentinel%20Connector%20omits%20lot%20of%20important%20Alert%20information%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1327262%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F516158%22%20target%3D%22_blank%22%3E%40Prash915%3C%2FA%3E%26nbsp%3B%20thank%20you%20for%20your%20feedback.%20The%20best%20place%20to%20put%20requests%20for%20new%20or%20improved%20features%20is%20in%20our%20user%20voice%20forums%2C%20where%20it%20will%20be%20reviewed%20by%20engineering%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F920458-azure-sentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Ffeedback.azure.com%2Fforums%2F920458-azure-sentinel.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%0A%3CP%3ESarah%3C%2FP%3E%3C%2FLINGO-BODY%3E
Prash915
Occasional Contributor

‎Mar 31 2020 09:00 AM - edited ‎Mar 31 2020 09:04 AM

‎Mar 31 2020 09:00 AM - edited ‎Mar 31 2020 09:04 AM

Microsoft Defender ATP Azure Sentinel Connector omits lot of important Alert information

Hi 

 

It is sad to see Microsoft defender ATP Connector at Azure Sentinel does not get all the required alert information as compared to Graph API.   

 

Details like User information, IP Information, Threat Category & Threat Family are omitted.   

 

Building any custom playbook to get these data is additionally charged although ingestion of Microsoft data is free.   Connector needs improvement.

 

Thanks

 

348 Views
3 Likes
1 Reply
Reply
1 Reply
Sarah_Young

‎Apr 21 2020 09:12 PM - edited ‎Apr 21 2020 09:13 PM

‎Apr 21 2020 09:12 PM - edited ‎Apr 21 2020 09:13 PM

Re: Microsoft Defender ATP Azure Sentinel Connector omits lot of important Alert information

@Prash915  thank you for your feedback. The best place to put requests for new or improved features is in our user voice forums, where it will be reviewed by engineering - https://feedback.azure.com/forums/920458-azure-sentinel.

 

Thanks!

Sarah

0 Likes
Reply