| Attribute | Value |
|---|---|
| Connector ID | MicrosoftDefenderAdvancedThreatProtection |
| Publisher | Microsoft |
| Used in Solutions | MicrosoftDefenderForEndpoint |
| Collection Method | Native |
| Connector Definition Files | template_MicrosoftDefenderAdvancedThreatProtection.JSON |
Microsoft Defender for Endpoint is a security platform designed to prevent, detect, investigate, and respond to advanced threats. The platform creates alerts when suspicious security events are seen in an organization. This connector fetches the alerts generated in Microsoft Defender for Endpoint into Microsoft Sentinel so that you can analyze them alongside your other security data: you can create analytics rules, build workbooks and dashboards, and author playbooks for immediate response. For more information, see the Microsoft Sentinel documentation.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityAlert | ✓ | ✗ | ? |
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions.

Licenses:
- Microsoft Defender for Endpoint

Tenant Permissions: Requires GlobalAdmin or SecurityAdmin on the workspace's tenant.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect Microsoft Defender for Endpoint alerts to Microsoft Sentinel
Connecting Microsoft Defender for Endpoint causes the data collected by the Microsoft Defender for Endpoint service to be stored and processed in the location where you have configured your Microsoft Sentinel workspace.

📋 Additional Configuration Step: This connector includes a configuration step of type MicrosoftDefenderATP. Refer to the Microsoft Sentinel portal for the detailed configuration options for this step.
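Once the connector is enabled, the only evidence that it works is rows arriving in the SecurityAlert table listed above. The following KQL is an added example written for this page, not part of the connector definition or of Microsoft's documentation. It assumes the standard SecurityAlert schema, in which Defender for Endpoint alerts carry ProviderName "MDATP" and the Entities column holds a JSON array of entity objects whose host entries have Type "host" and a HostName field. The two queries are independent; run them one at a time in Logs.

```kql
// Query 1: ingestion health check (added example).
// Counts Defender for Endpoint alerts per severity over the last 24 hours and
// records when the newest one arrived. No rows some time after enabling the
// connector means alerts are not reaching this workspace.
SecurityAlert
| where TimeGenerated > ago(24h)
| where ProviderName == "MDATP"            // assumed provider value for Defender for Endpoint
| summarize Alerts = count(),
            LastSeen = max(TimeGenerated),
            Products = make_set(ProductName)
  by AlertSeverity
| order by Alerts desc

// Query 2: pivot the last 7 days of alerts to the devices they name (added example).
// Entities is a JSON string, so it is parsed and expanded one entity per row,
// then filtered to host entities before grouping by host name.
SecurityAlert
| where TimeGenerated > ago(7d)
| where ProviderName == "MDATP"
| mv-expand Entity = parse_json(Entities)
| where tostring(Entity.Type) == "host"    // assumed entity type string for devices
| extend HostName = tostring(Entity.HostName)
| where isnotempty(HostName)
| summarize Alerts = count(),
            Severities = make_set(AlertSeverity),
            RecentTitles = make_set(AlertName, 5),
            LastAlert = max(TimeGenerated)
  by HostName
| order by Alerts desc
```

Query 1 is the one to schedule or put on a workbook as a connector-health signal; Query 2 is a hunting starting point, since a device that keeps appearing at the top of the list is worth a look in the Defender portal.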
ℹ️ Microsoft Defender for Endpoint Advanced Hunting raw logs are not ingested by this connector; they are available as part of the Microsoft 365 Defender (Preview) connector, now named Microsoft Defender XDR.