
Correlation with logs in Sentinel between MDATP logs


How can I access data located in Advanced Hunting in MDATP, like DeviceInfo, and correlate it with logs in Sentinel like SecurityEvents? Right now I only get the alerts from MDATP into Sentinel.

1 Reply
It's not available by default; you would need to stream all MDATP events to Sentinel with the streaming API (https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-streaming-api-p...)

Keep in mind that this will generate A LOT of data, and your Sentinel cost will increase.
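Once the raw MDATP events are landing in the workspace, the correlation the question asks about is an ordinary KQL join. The query below is an added example, not part of the thread and not Microsoft's documentation; it assumes the streamed events are queryable as a `DeviceInfo` table in the same Sentinel workspace, that `DeviceInfo.DeviceName` and `SecurityEvent.Computer` refer to the same host (possibly one as FQDN and the other as a short name, hence the normalisation), and it uses failed logons (EventID 4625) only as a sample event of interest.

```kql
// Added example (not from this thread): enrich Sentinel SecurityEvent rows
// with the latest MDATP DeviceInfo record for the same host.
// Assumptions: DeviceInfo is a table in this workspace (streamed in as the
// reply describes); host names line up after lower-casing and dropping the
// domain suffix; TimeGenerated is the ingestion timestamp on both tables.
let lookback = 1d;
// Latest DeviceInfo snapshot per device, keyed on a normalised host name.
let devices =
    DeviceInfo
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, DeviceId, OSPlatform, OSVersion, PublicIP)
        by DeviceName
    | extend HostKey = tolower(tostring(split(DeviceName, ".")[0]));
// Events of interest from the Windows Security log (failed logons here,
// chosen only as an illustration).
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4625
| extend HostKey = tolower(tostring(split(Computer, ".")[0]))
| join kind=inner devices on HostKey
| project TimeGenerated, Computer, DeviceId, OSPlatform, OSVersion, PublicIP,
          Account, IpAddress, LogonType
| order by TimeGenerated desc
```

Keeping the `DeviceInfo` side to one `arg_max` row per device matters for cost as much as correctness: the streamed table grows quickly, and joining every historical `DeviceInfo` row against every security event multiplies the result set. If host names do not normalise cleanly (workgroup machines, VDI pools), join on an IP or a device identifier that both tables actually carry instead of the name.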