articles/sentinel/microsoft-365-defender-sentinel-integration.md
Lines changed: 8 additions & 6 deletions
@@ -15,14 +15,17 @@ ms.collection: usx-security
15
15
16
16
Integrate Microsoft Defender XDR with Microsoft Sentinel to stream all Defender XDR incidents and advanced hunting events into Microsoft Sentinel and keep the incidents and events synchronized between the Azure and Microsoft Defender portals. Incidents from Defender XDR include all associated alerts, entities, and relevant information, providing you with enough context to perform triage and preliminary investigation in Microsoft Sentinel. Once in Microsoft Sentinel, incidents remain bi-directionally synced with Defender XDR, allowing you to take advantage of the benefits of both portals in your incident investigation.
17
17
18
-
Watch this short overview of Microsoft Sentinel integration with Microsoft Defender XDR (4 minutes). This video applies to the Defender XDR integration with Microsoft Sentinel in the Azure portal.
Alternatively, onboard Microsoft Sentinel with Defender XDR to the unified security operations platform in the Defender portal. The unified security operations platform brings together the full capabilities of Microsoft Sentinel, Defender XDR, and generative AI built specifically for cybersecurity. For more information, see the following resources:
23
19
24
20
-[Unified security operations platform with Microsoft Sentinel and Defender XDR](https://aka.ms/unified-soc-announcement)
25
21
-[Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md)
22
+
-[Microsoft Copilot in Microsoft Defender](/defender-xdr/security-copilot-in-microsoft-365-defender)
23
+
24
+
## Integration of Defender XDR with Microsoft Sentinel
25
+
26
+
Watch this short overview of Microsoft Sentinel integration with Microsoft Defender XDR (4 minutes). This video applies to the Defender XDR integration with Microsoft Sentinel in the Azure portal.
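Review bot: The new heading at new line 24, "## Integration of Defender XDR with Microsoft Sentinel", does not state the scope that the sentence under it relies on ("This video applies to the Defender XDR integration with Microsoft Sentinel in the Azure portal"), and it nearly repeats the subject of the intro paragraph above it. Since the preceding paragraph now sends readers to the unified security operations platform in the Defender portal, consider naming the Azure portal in the heading so it is clear which of the two experiences the section covers. Also confirm that the video embed moved together with the "Watch this short overview" sentence: the visible lines show the sentence removed at old line 18 and re-added at new line 26, but not the embed itself.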
@@ -111,11 +114,10 @@ The Defender XDR connector also lets you stream **advanced hunting** events&mdas
111
114
112
115
- Store the logs with increased retention, beyond Defender XDR’s or its components' default retention of 30 days. You can do so by configuring the retention of your workspace or by configuring per-table retention in Log Analytics.
113
116
114
-
## Next steps
117
+
## Related content
115
118
116
119
In this document, you learned the benefit of using Defender XDR together with Microsoft Sentinel, by enabling the Defender XDR connector in Microsoft Sentinel.
117
120
118
121
-[Connect data from Microsoft Defender XDR to Microsoft Sentinel](connect-microsoft-365-defender.md)
119
122
- To use the unified security operations platform in the Defender portal, see [Connect data from Microsoft Defender XDR to Microsoft Sentinel](connect-microsoft-365-defender.md).
120
123
- Check [availability of different Microsoft Defender XDR data types](microsoft-365-defender-cloud-support.md) in the different Microsoft 365 and Azure clouds.
121
-
- Create [custom alerts](detect-threats-custom.md) and [investigate incidents](investigate-incidents.md).
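Review bot: Renaming "## Next steps" to "## Related content" leaves the recap sentence at new line 119 ("In this document, you learned the benefit of using Defender XDR together with Microsoft Sentinel, ...") under a heading that now promises only a list of links. Move that sentence above the heading or drop it. While this list is being touched, note that the bullets at new lines 121 and 122 both link to connect-microsoft-365-defender.md with the same link text, so one of them is redundant, or the Defender portal bullet should point to an article specific to the unified security operations platform.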