Manage security alerts in Microsoft 365 Security Center (MTP), Sentinel or separately?


I have some questions and would like to hear opinions that might help.

I have the solutions in my environment and I'm unsure how to centralize everything.

I have Azure Sentinel receiving the Defender ATP, MCAS, Azure ATP and Office 365 ATP logs, among others.

I also have MCAS integrated with Azure ATP.

The question is: where should all the technologies be centralized?

That is, if I use Microsoft 365 Security Center to centralize Defender ATP, Azure ATP, MCAS and Office ATP, does it still make sense to receive these logs in Sentinel?

Would it be possible to integrate alerts generated in Sentinel with Microsoft 365 Security Center?

If I receive the solution logs in Sentinel, what would be the purpose of Microsoft 365 Security Center? Can I work with both, centralizing the solutions in both?

I know there may not be a definitive answer, but I would be happy to hear your position.

Thank you.

@luizao_lf The main reason to have the other Azure security alerts also show up in Azure Sentinel is to have a single pane of glass to see all the issues in your environment. You will still go back to the other systems to perform the investigations, since they have the tools to do that.

AFAIK, there is no way to have the Azure Sentinel alerts show up in MTP.

Overall, it is better to use the products that own the logs to perform the investigations, since they are made for that task. So if an alert shows up in MCAS, you can have it show up in Azure Sentinel just to have one less place to look, but you will need to go back into MCAS to do the investigation. Even if you do have the same logs in Azure Sentinel, you would need to reinvent the wheel to do what the other systems already can do.
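One way to build the single-pane view the reply describes, as an added example that is not part of the thread: a KQL query over Sentinel's SecurityAlert table, which the Defender ATP, Azure ATP, MCAS and Office 365 ATP connectors populate, grouped by the product that owns each alert and keeping AlertLink so the investigation can be picked up in that product's console. It assumes those connectors are enabled in the workspace.

```kql
// Added example, not from the original thread. Assumes the Defender ATP,
// Azure ATP, MCAS and Office 365 ATP connectors are enabled and writing
// into the SecurityAlert table of this workspace.
SecurityAlert
| where TimeGenerated > ago(7d)
// Rank severities so the sort reads High > Medium > Low > Informational
| extend SeverityRank = case(AlertSeverity == "High", 0,
                             AlertSeverity == "Medium", 1,
                             AlertSeverity == "Low", 2,
                             3)
| summarize AlertCount = count(),
            LastSeen   = max(TimeGenerated),
            // Distinct entities named by the source product, for triage
            Entities   = make_set(CompromisedEntity, 10),
            // Deep link into the product that owns the alert; investigate there
            SampleLink = take_any(AlertLink)
          by ProductName, ProviderName, AlertName, AlertSeverity, SeverityRank
| sort by SeverityRank asc, AlertCount desc
| project-away SeverityRank
```

The ProductName column tells you which console to open for the investigation; SampleLink takes you to one representative alert there.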