Mar 31 2020
- last edited on
Nov 02 2021
It is sad to see Microsoft defender ATP Connector at Azure Sentinel does not get all the required alert information as compared to Graph API.
Details like User information, IP Information, Threat Category & Threat Family are omitted.
Building any custom playbook to get these data is additionally charged although ingestion of Microsoft data is free. Connector needs improvement.
Apr 21 2020 09:12 PM - edited Apr 21 2020 09:13 PM
@PrashTechTalk thank you for your feedback. The best place to put requests for new or improved features is in our user voice forums, where it will be reviewed by engineering - https://feedback.azure.com/forums/920458-azure-sentinel.