cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Log Analytics design - Defender for Cloud and Sentinel

Arjan Veen, van
Brass Contributor

‎Jun 30 2022 08:36 AM - edited ‎Jun 30 2022 08:48 AM

‎Jun 30 2022 08:36 AM - edited ‎Jun 30 2022 08:48 AM

Log Analytics design - Defender for Cloud and Sentinel

All,

 

When you have Defender for Cloud and Sentinel.....do you still use 2 log analytics workspaces or do you reconfigure the defender for cloud log analytics workspace to ingest the defender for cloud events also into the sentinel workspace also?

 

best regards

 

Arjan

 

3,024 Views
0 Likes
7 Replies
Reply
7 Replies
Clive_Watson

‎Jun 30 2022 02:01 PM

‎Jun 30 2022 02:01 PM

Re: Log Analytics design - Defender for Cloud and Sentinel

They can happily share a workspace. There are lots of options, but typically I see one workspace.
0 Likes
Reply
ellyse

‎Sep 26 2022 07:58 PM

‎Sep 26 2022 07:58 PM

Re: Log Analytics design - Defender for Cloud and Sentinel

Hi Clive, do you know if there's any guidance or steps on how this can be set up?
0 Likes
Reply
best response confirmed by Arjan Veen, van (Brass Contributor)
Chandrasekhar_Arya

‎Sep 26 2022 11:27 PM

‎Sep 26 2022 11:27 PM

Solution

Re: Log Analytics design - Defender for Cloud and Sentinel

@Arjan Veen, van one log analytics is good enough to you can forward the ASC(Azure security center/Defender alerts to  Sentinel . 

Refer the below picture reference to one of the Microsoft source where it shows one log analytics is good enough for both Azure and On-prem 

Capture.PNG

2 Likes
Reply
Arjan Veen, van

‎Sep 27 2022 12:57 AM

‎Sep 27 2022 12:57 AM

Re: Log Analytics design - Defender for Cloud and Sentinel

Hello,

browse to defender for cloud - Environment settings - Auto provisioning - Extensions -Log Analytics agent/Azure Monitor agent - Edit Auto-provisioning configuration - Workspace selection and select the Sentinel workspace
1 Like
Reply
ellyse

‎Sep 27 2022 12:18 PM

‎Sep 27 2022 12:18 PM

Re: Log Analytics design - Defender for Cloud and Sentinel

Hi - I'm not seeing any mention of "Auto - provisioning ..." etc in the MDC environment settings. Could it be somewhere else?
0 Likes
Reply
Rko

‎Oct 15 2022 05:48 AM

‎Oct 15 2022 05:48 AM

Re: Log Analytics design - Defender for Cloud and Sentinel

Now it´s named "Settings & Monitoring". You can see it at top of the page "Defender Plans", near "Save" icon
0 Likes
Reply
PatriotJeff

‎Oct 18 2022 08:58 AM

‎Oct 18 2022 08:58 AM

Re: Log Analytics design - Defender for Cloud and Sentinel

@Arjan Veen, van , it depends ;).  Don't assume you can share a common LAW.  There are many factors to consider, such as ingestion of more than 100 GB/day, access control to the LAW, data sovereignty/geographic requirements, etc.  There is a decent decision tree at Design your Microsoft Sentinel workspace architecture | Microsoft Learn.

2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Arjan Veen, van (Brass Contributor)
Chandrasekhar_Arya

‎Sep 26 2022 11:27 PM

‎Sep 26 2022 11:27 PM

Solution

Re: Log Analytics design - Defender for Cloud and Sentinel

@Arjan Veen, van one log analytics is good enough to you can forward the ASC(Azure security center/Defender alerts to  Sentinel . 

Refer the below picture reference to one of the Microsoft source where it shows one log analytics is good enough for both Azure and On-prem 

Capture.PNG

View solution in original post

2 Likes
Reply