Sep 26 2019 07:59 AM
Is it/will it ever be possible to query or pull in data from the underlying workspace that ingests all data from Defender endpoint agents?
Sep 26 2019 11:32 AM
Solution: Not sure yet. We are exploring this. You can import the data today by using MDATP streaming API -> Event Hub -> Logic App -> Log Analytics.
NOTE: you will incur costs for EH, Logic App, Log A, and Azure Sentinel. So copying all the data might not make sense. It might be better to have a playbook to query MDATP and bring only needed data back to Azure Sentinel.
Jun 20 2020 11:33 PM
Or try using MTP Advanced Hunting
Depends what you're looking for?