Oct 26 2020 01:26 AM
We have set up the connector to MDATP.
Messages that are displayed there take a long time until the info is displayed in Sentinel.
How do we get the information displayed in Sentinel in real time?
Such a long delay is not very nice from a security point of view.
Oct 29 2020 02:59 AM
Oct 29 2020 03:25 AM
@Jan_F1801 I share your concern. If the delays are too large, we're better off using email alerts straight from the log source (WDATP, MCAS, ASC ...).
Don't know if 'the silent majority' feels this is a problem too or if we are the only two :)
Oct 29 2020 07:42 AM