Defender XDR connector


I'm confused about what I am seeing for installed connectors in Sentinel.

Within "Data connectors" I have the Microsoft Defender XDR connector and it is enabled.


The description is:

"Microsoft Defender XDR is a unified, natively integrated, pre- and post-breach enterprise defense suite that protects endpoint, identity, email, and applications and helps you detect, prevent, investigate, and automatically respond to sophisticated threats"

If I go to "Content hub" and search for "Status: Installed", I don't see that connector. If I change the filter to "Status: Not installed" and search for Microsoft Defender XDR, I see this solution:


Based on the difference in the number of Analytic rules and Queries associated with the two solutions, they are not the same.

Can someone shed some light on this? Does one supersede the other? 

And why, when I search for installed solutions, does the one I have installed not show up?

Thanks

2 Replies

Just my understanding:
In Content hub, what you see is a solution; it includes 1 data connector, 40 analytics rules, 71 hunting queries and 3 workbooks.
In "Data connector", you only see the data connector. The related content in the data connector details may be from multiple solutions, I guess.

I'm not sure where the issue originated, but I installed the supposedly missing solution and it now shows when filtering on installed. I'm not sure if the connector and some of the content types were previously installed, or if there was some previous version installed, but I am no longer seeing the odd mismatched information.