May 03 2021 06:15 PM
I have a question and am hoping someone can clarify something for me. We are working on a project deploying Azure Security Centre and Azure Defender (leveraging Qualys scanning engine) for vulnerability scanning capability, and consolidate the logs and metrics to a centralised Log Analytics Workspace. We also have a Sentinel project using its own Log Analytics Workspace. Am i correct in saying that when we deploy the LAW agents and Qualys agent it should be pointing to the same central log analytics that Sentinel uses? Or should it be using another Log Analytics Workspace and then use the connector to Sentinel? The Sentinel Project is looking for clarification why we should be using the Sentinel LAW instead of our own.
May 04 2021 12:48 AM