[Internal]: Microsoft data in analyzer #3187

@tomsonpl

Description

Enable Analyzer to show process data coming from Microsoft Defender for Endpoint and M365 integrations

One change that happened with this PR is that we now enable fetching events of alert kind when used with 3rd party integrations, so the user should have access to alerts-security.alerts-* indices in order to see these data properly in Analyzer. We might want to adjust other docs regarding 3rd party data in Analyzer accordingly.

Resources

PR: elastic/kibana#230742

Issue: https://github.com/elastic/security-team/issues/11591

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

None

What release is this request related to?

9.2

Serverless release

the week of 29th September 2025

Collaboration model

The documentation team

Point of contact.

Main contact: @tomsonpl

Stakeholders: @raqueltabuyo

Labels: Team:Experience (Issues owned by the Experience Docs Team)