cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Users endpoint security events Sentinel

NicS
Copper Contributor

‎Mar 09 2022 02:26 AM

‎Mar 09 2022 02:26 AM

Users endpoint security events Sentinel

Does ingesting Security Events from users' machines into Sentinel make sense, or is it more effective to simply enrol in MDE and enable Defender 365 sentinel connector?

I am concerned by the large number of logs generated by users' endpoints if we enable logs ingestion via AMA (MMA) agent. 

 

Thanks

Labels:
614 Views
0 Likes
2 Replies
Reply
2 Replies
Gary Bushey

‎Mar 09 2022 04:25 AM

‎Mar 09 2022 04:25 AM

Re: Users endpoint security events Sentinel

@NicS If you can use MDE then it definitely makes sense to use it.  This will save you from having to recreate all the queries that MDE has out of the box.   In addition MDE can provide other services that make it better suited in this case.

 

Someone told me to think of MS Sentinel as a backstop.  Use it to catch everything that other programs miss.  It would not make sense to not use a catcher (in this case MDE) if you have one :)

0 Likes
Reply
NicS

‎Mar 09 2022 06:34 AM

‎Mar 09 2022 06:34 AM

Re: Users endpoint security events Sentinel

Thank you, Gary
0 Likes
Reply