Correlated Events

%3CLINGO-SUB%20id%3D%22lingo-sub-2365132%22%20slang%3D%22en-US%22%3ECorrelated%20Events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2365132%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20watched%20the%20M365%20Defedner%20for%20Endpoint%20webinar%20a%20few%20minutes%20ago.%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20don't%20use%20Sentinel.%3C%2FP%3E%3CP%3EWe%20have%20M365%20Identity%2C%20Endpoint%2C%20%26amp%3B%20MCAS%20all%20turned%20on.%3C%2FP%3E%3CP%3EWill%20we%20automatically%20see%20correlated%20incidents%20in%20M365%20Security%20Center%20(security.microsoft.com)%20or%20is%20there%20some%20integration%20I%20have%20to%20turn%20on%20between%20all%20of%20these.%3C%2FP%3E%3CP%3EOr%20do%20you%20have%20a%20document%20I%20can%20check%20our%20settings%20for%20all%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2405410%22%20slang%3D%22en-US%22%3ERe%3A%20Correlated%20Events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2405410%22%20slang%3D%22en-US%22%3EHi%20Gig%2C%20M365%20Defender%20for%20Endpoint%20will%20automatically%20correlate%20alerts%20from%20all%20of%20these%20sources%20into%20Incidents.%20There%20is%20no%20need%20for%20any%20manual%20work%20or%20Sentinel.%20Hope%20this%20helps!%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Just watched the M365 Defedner for Endpoint webinar a few minutes ago. 

We don't use Sentinel.

We have M365 Identity, Endpoint, & MCAS all turned on.

Will we automatically see correlated incidents in M365 Security Center (security.microsoft.com) or is there some integration I have to turn on between all of these.

Or do you have a document I can check our settings for all this?

 

Thanks

2 Replies
Hi Gig, M365 Defender for Endpoint will automatically correlate alerts from all of these sources into Incidents. There is no need for any manual work or Sentinel. Hope this helps!
Thanks