Microsoft Defender ATP Azure Sentinel Connector omits lot of important Alert information

Question

Hi&nbsp;&nbsp;It is sad to see Microsoft defender ATP&nbsp;Connector at Azure Sentinel does not get all the required alert information as compared to Graph API.&nbsp; &nbsp;&nbsp;Details like&nbsp;User information,&nbsp;IP Information, Threat Category &amp; Threat Family are omitted.&nbsp; &nbsp;&nbsp;Building any custom playbook to get these data is additionally charged although ingestion of Microsoft data is free.&nbsp; &nbsp;Connector needs improvement.&nbsp;Thanks&nbsp;

sarah_young · Answer

PrashTechTalk&nbsp; thank you for your feedback. The best place to put requests for new or improved features is in our user voice forums, where it will be reviewed by engineering -&nbsp;https://feedback.azure.com/forums/920458-azure-sentinel.
&nbsp;
Thanks!
Sarah

Forum Discussion

Microsoft Defender ATP Azure Sentinel Connector omits lot of important Alert information

Share

Resources