Jan 07 2022 04:13 AM
Hi all
Hoping for just some second thoughts / opinions really on a topic that's arisen if I may, namely:
Data received from Defender of Endpoint and new Enriched device (FileInfo, Info, Network) vs typical OMS agent installation. Is the main difference really only traditional Windows Event logs? Would you have one preference over another? or both?
We've deployed defender for endpoint to Server 2019 and thus have the enriched data coming into the DeviceXXXX tables, however, we haven't deployed the OMS agent (legacy) , so missing SecurityEvents for the devices. Is there perhaps a middle ground?
Thanks!