Mar 29 2024 08:30 AM
I'm confused about what I am seeing for installed connectors in Sentinel.
Within "Data connectors" I have the Microsoft Defender XDR connector and it is enabled.
The description is:
"Microsoft Defender XDR is a unified, natively integrated, pre- and post-breach enterprise defense suite that protects endpoint, identity, email, and applications and helps you detect, prevent, investigate, and automatically respond to sophisticated threats"
If I go to "Content hub" and search for "Status: Installed" I don't see that connector. If I change the filter to "Status: Not installed" and search for Microsoft Defender XDR I see this solution:
Based on the difference in number of Analytic rules and Queries associated with the two solutions they are not the same.
Can someone shed some light on this? Does one supersede the other?
And why when I search for installed solutions does the one I have installed not show up?
Thanks
Mar 29 2024 05:40 PM - edited Mar 29 2024 05:41 PM
Just my understanding:
In Content hub, what you see is a solution; it includes 1 data connector, 40 analytics rules, 71 hunting queries and 3 workbooks.
In "Data connector", you only see the data connector. The related content in the data connector details may be from multiple solutions, I guess.
Apr 01 2024 08:31 AM