articles/sentinel/connect-microsoft-365-defender.md
5 additions & 5 deletions
@@ -14,7 +14,7 @@ ms.service: microsoft-sentinel
14
14
15
15
Microsoft Sentinel's [Microsoft 365 Defender](/microsoft-365/security/mtp/microsoft-threat-protection) connector with incident integration allows you to stream all Microsoft 365 Defender incidents and alerts into Microsoft Sentinel, and keeps the incidents synchronized between both portals. Microsoft 365 Defender incidents include all their alerts, entities, and other relevant information, and they group together, and are enriched by, alerts from Microsoft 365 Defender's component services **Microsoft Defender for Endpoint**, **Microsoft Defender for Identity**, **Microsoft Defender for Office 365**, and **Microsoft Defender for Cloud Apps**, as well as alerts from other services such as **Microsoft Purview Data Loss Prevention (DLP)** and **Azure Active Directory Identity Protection (AADIP)**.
16
16
17
-
The connector also lets you stream **advanced hunting** events from *all* of the above components into Microsoft Sentinel, allowing you to copy those Defender components' advanced hunting queries into Microsoft Sentinel, enrich Sentinel alerts with the Defender components' raw event data to provide additional insights, and store the logs with increased retention in Log Analytics.
17
+
The connector also lets you stream **advanced hunting** events from *all* of the above Defender components into Microsoft Sentinel, allowing you to copy those Defender components' advanced hunting queries into Microsoft Sentinel, enrich Sentinel alerts with the Defender components' raw event data to provide additional insights, and store the logs with increased retention in Log Analytics.
18
18
19
19
For more information about incident integration and advanced hunting event collection, see [Microsoft 365 Defender integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md#advanced-hunting-event-collection).
20
20
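Review bot: Style point on the added sentence at line 17: "Defender components" now appears three times ("all of the above Defender components", "those Defender components' advanced hunting queries", "the Defender components' raw event data"). The new qualifier on the first mention is worth keeping, since the preceding paragraph also lists Microsoft Purview DLP and AADIP as other services, but the second and third mentions could be shortened to "those components'" and "their" so the sentence stays readable.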
@@ -110,7 +110,7 @@ Verify that you've satisfied the [prerequisites](#prerequisites-for-active-direc
110
110
|**[EmailPostDeliveryEvents](/microsoft-365/security/defender/advanced-hunting-emailpostdeliveryevents-table)**| Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox |
111
111
|**[EmailUrlInfo](/microsoft-365/security/defender/advanced-hunting-emailurlinfo-table)**| Information about URLs on emails |
112
112
113
-
# [Defender for Identity (New!)](#tab/MDI)
113
+
# [Defender for Identity](#tab/MDI)
114
114
115
115
| Table name | Events type |
116
116
|-|-|
@@ -119,13 +119,13 @@ Verify that you've satisfied the [prerequisites](#prerequisites-for-active-direc
119
119
|**[IdentityLogonEvents](/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table)**| Authentication activities made through your on-premises Active Directory, as captured by Microsoft Defender for Identity <br><br>Authentication activities related to Microsoft online services, as captured by Microsoft Defender for Cloud Apps |
120
120
|**[IdentityQueryEvents](/microsoft-365/security/defender/advanced-hunting-identityqueryevents-table)**| Information about queries performed against Active Directory objects such as users, groups, devices, and domains |
121
121
122
-
# [Defender for Cloud Apps (New!)](#tab/MDCA)
122
+
# [Defender for Cloud Apps](#tab/MDCA)
123
123
124
124
| Table name | Events type |
125
125
|-|-|
126
126
|**[CloudAppEvents](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table)**| Information about activities in various cloud apps and services covered by Microsoft Defender for Cloud Apps |
127
127
128
-
# [Defender alerts (New!)](#tab/MDA)
128
+
# [Defender alerts](#tab/MDA)
129
129
130
130
| Table name | Events type |
131
131
|-|-|
@@ -179,7 +179,7 @@ In the **Next steps** tab, you’ll find some useful workbooks, sample queries,
179
179
180
180
## Next steps
181
181
182
-
In this document, you learned how to integrate Microsoft 365 Defender incidents, and advanced hunting event data from Microsoft Defender for Endpoint and Defender for Office 365, into Microsoft Sentinel, using the Microsoft 365 Defender connector. To learn more about Microsoft Sentinel, see the following articles:
182
+
In this document, you learned how to integrate Microsoft 365 Defender incidents, and advanced hunting event data from Microsoft Defender component services, into Microsoft Sentinel, using the Microsoft 365 Defender connector. To learn more about Microsoft Sentinel, see the following articles:
183
183
184
184
- Learn how to [get visibility into your data, and potential threats](get-visibility.md).
185
185
- Get started [detecting threats with Microsoft Sentinel](./detect-threats-built-in.md).
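Review bot: Terminology mismatch on the added line 182: "Microsoft Defender component services" does not match the introduction, which refers to "Microsoft 365 Defender's component services". Suggest "Microsoft 365 Defender component services" so the closing summary names the product the same way as the opening paragraph; the move away from listing only Defender for Endpoint and Defender for Office 365 is otherwise consistent with the Identity, Cloud Apps and alerts tabs shown in the earlier hunks.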