MDI Health Alerts - Send to Sentinel

Silver Contributor

What is the best way to ensure that MDI health alerts like "Directory Services Advanced Auditing is not enabled" show as an alert in Sentinel?

4 Replies

@Dean Gross 

There is no direct pipe for the health alerts to Sentinel.

As @Gershon Levitz suggested in the Teams channel, you could use the syslog capability in MDI to get them into a server in your environment and then forward them to Sentinel using the log analytics agent. See Connect Syslog data to Microsoft Sentinel | Microsoft Learn
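
When health alerts are routed through a syslog relay as described above, the forwarding chain is easy to get subtly wrong (wrong facility, truncated CEF extensions, non-CEF noise on the same port). The following added example, which is not from this thread or from Microsoft, parses generic CEF-over-syslog lines and picks out health-alert records so you can confirm what the relay actually received before it reaches the Log Analytics agent. The sample lines are constructed; the vendor, product and signature-ID values in them (`Azure ATP`, `HealthAlert`) are assumptions used for illustration, not a documented MDI format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines (not real MDI output). The layout
# "CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extensions"
# is the generic CEF standard; the vendor/product/signature-ID values are
# assumptions for illustration only.
SAMPLE_SYSLOG = """\
<13>Jan 10 12:00:01 mdi-relay CEF:0|Microsoft|Azure ATP|2.0|HealthAlert|Directory Services Advanced Auditing is not enabled|5|cs1Label=status cs1=Open msg=Advanced auditing is not enabled on DC01
<13>Jan 10 12:00:02 mdi-relay CEF:0|Microsoft|Azure ATP|2.0|SuspiciousActivity|Some security alert|8|msg=Not a health alert
<13>Jan 10 12:00:03 mdi-relay not a CEF line at all
"""

HEADER_FIELDS = ("cef_version", "vendor", "product", "version",
                 "signature_id", "name", "severity")


def _unescape_header(value: str) -> str:
    # CEF header fields escape '|' as '\|' and '\' as '\\'.
    return value.replace("\\|", "|").replace("\\\\", "\\")


def parse_extensions(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' CEF extensions.

    Values may contain spaces; a literal '=' inside a value must be escaped
    as '\\=' per CEF, so an unescaped 'word=' always starts a new key.
    """
    keys = list(re.finditer(r"(?<!\\)(\w+)=", ext))
    result: Dict[str, str] = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        result[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return result


def parse_cef(line: str) -> Optional[Dict[str, object]]:
    """Return a dict for a CEF record embedded in a syslog line, else None."""
    idx = line.find("CEF:")
    if idx < 0:
        return None
    # Split on unescaped '|' only; at most 8 parts (7 header fields + extensions).
    parts = re.split(r"(?<!\\)\|", line[idx:], maxsplit=7)
    if len(parts) < 8:
        return None
    record: Dict[str, object] = {
        field: _unescape_header(parts[i]) for i, field in enumerate(HEADER_FIELDS)
    }
    sev = str(record["severity"])
    record["severity"] = int(sev) if sev.isdigit() else sev
    record["extensions"] = parse_extensions(parts[7])
    return record


def health_alerts(syslog_text: str, signature_id: str = "HealthAlert") -> List[Dict[str, object]]:
    """Return only the records whose signature ID marks them as health alerts.

    'HealthAlert' is an assumed signature ID; adjust it to whatever the
    relay actually shows for your tenant.
    """
    found = []
    for line in syslog_text.splitlines():
        rec = parse_cef(line)
        if rec and rec["signature_id"] == signature_id:
            found.append(rec)
    return found


def missing_alerts(syslog_text: str, expected_names: List[str]) -> List[str]:
    """Names from expected_names that did not arrive as health alerts.

    Useful as a quick end-to-end check of the relay before trusting the
    Sentinel side of the pipeline.
    """
    seen = {str(r["name"]) for r in health_alerts(syslog_text)}
    return [n for n in expected_names if n not in seen]


if __name__ == "__main__":
    for rec in health_alerts(SAMPLE_SYSLOG):
        print(rec["severity"], rec["name"], rec["extensions"])
    print("missing:", missing_alerts(SAMPLE_SYSLOG, [
        "Directory Services Advanced Auditing is not enabled",
        "Sensor stopped communicating",
    ]))
```

Point the script at the relay's actual log file (or pipe `tail -f` output into it) to confirm that health alerts arrive intact and with the fields you intend to key your Sentinel analytics rule on; if the extension values are truncated here, they will be truncated in the `CommonSecurityLog` table too.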

Thanks for the workaround. Are there any plans to add this basic functionality? I don't think that we should have to do extra work like this after we have already configured the sensors, since the health data is already visible in the M365 Security center.

@Dean Gross 

Yes. Natively forwarding the MDI health alerts to Sentinel is being evaluated.

FYI, for anyone else interested in this topic, an approach is described here: https://cloudbrothers.info/en/integrate-mdi-health-alerts-microsoft-sentinel/