Correlation with logs in Sentinel between MDATP logs


How can I access the data located in Advanced Hunting in MDATP, like DeviceInfo, and correlate it with logs in Sentinel, like SecurityEvents? Right now I only get the alerts from MDATP into Sentinel.

1 Reply
It's not available by default, you would need to stream all MDATP events to Sentinel with the streaming API (

Keep in mind that this will generate A LOT of data and your cost of Sentinel will increase.