Apr 21 2021 08:28 AM - edited Apr 21 2021 08:49 AM
Hello -
I've begun the testing and development phase of my Azure/Lighthouse deployment.
Currently: Customer A has Defender for Endpoint configured.
Goal:
Take Defender ATP alerts and centrally manage them in the SOC using Azure Lighthouse. I would like to manage the endpoint as well; I believe this is a different technology.
I know I will need to deploy Sentinel for myself and for Customer A.
I will also need to deploy Azure Lighthouse to connect to the customer environment.
Which should be done first? And can this be done in one step?
Notes:
I plan to use this Azure-Sentinel/Tools/Sentinel-All-In-One/MSSPversion at master · Azure/Azure-Sentinel · GitHub
But I don't know where I am in the steps from
Extend Azure Sentinel across workspaces and tenants | Microsoft Docs
to
Onboard a customer to Azure Lighthouse - Azure Lighthouse | Microsoft Docs
to
Deploying and Managing Azure Sentinel as Code - Microsoft Tech Community
If someone can give me a
1()
2()
3()
sort of picture in following documentation, advice, etc.
Greatly appreciated!
THANKS!