This installment is part of a broader series to keep you up to date with the latest features in Microsoft Sentinel. The installments will be bite-sized to enable you to easily digest the new content.
NOTE: Microsoft 365 Defender was formerly known as Microsoft Threat Protection or MTP. Microsoft Defender for Endpoint was formerly known as Microsoft Defender Advanced Threat Protection or MDATP.
We’re very pleased to announce that the public preview of the new Microsoft 365 Defender connector is now available, alongside a new Microsoft Sentinel benefit for Microsoft 365 E5 customers! The M365 Defender connector lets you stream advanced hunting logs - a type of raw event data - from Microsoft 365 Defender into Microsoft Sentinel. Click here to look at Microsoft documentation page on this connector.
With the integration of Microsoft Defender for Endpoint (MDATP) into the Microsoft 365 Defender security umbrella, you can now collect your Microsoft Defender for Endpoint advanced hunting events using the Microsoft 365 Defender connector, and stream them straight into new purpose-built tables in your Microsoft Sentinel workspace. These tables are built on the same schema that is used in the Microsoft 365 Defender portal, giving you complete access to the full set of advanced hunting logs, and allowing you to do the following:
Prerequisites
And that’s it! You will now have Microsoft Defender for Endpoint logs connected to your Sentinel workspace.
With this new offer, you can take advantage of end-to-end integrated security and save significant costs when ingesting Microsoft 365 data into Microsoft Sentinel. From November 1, 2020 through May 1, 2021, Microsoft 365 E5 and Microsoft 365 E5 Security customers can receive a data grant of up to 100 MB per user/month to ingest Microsoft 365 data, including Microsoft 365 advanced hunting data (including Microsoft Defender for Endpoint logs) described in this blog. For more details, please visit the M365 E5 Sentinel benefit website.
Try out the new connector and let us know your feedback using any of the channels listed in the Resources.
You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Microsoft Sentinel Threat Hunters GitHub community!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.