Sep 07 2021 07:36 AM
Hello,
we have O365 security center sending alerts to our 3rd party SIEM through the management API.
MCAS sees the same O365 alert - when MCAS is integrated with the SIEM, will both alerts be seen by the SIEM?
Sep 07 2021 11:50 PM
@DJB This probably depends on the SIEM solution. Usually what happens is that both services are being ingested with different connectors or whatever they're called for your SIEM. In that sense, the SIEM needs to be able to determine that it's the same alert if both alerts come in via a different route.
Sep 08 2021 12:47 AM