Tenant-based Microsoft Defender for Cloud (Preview) connector for Microsoft Sentinel
Microsoft Defender for Cloud is a security management tool that lets you detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector streams your Defender for Cloud (MDC) security alerts from Microsoft 365 Defender into Microsoft Sentinel, so you can benefit from XDR correlation that connects the dots across your cloud resources, devices, and identities, view the data in workbooks and queries, and investigate and respond to incidents. For more information, see the Microsoft Sentinel documentation.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | SecurityAlert (alerts carry ProductName "Azure Security Center", the former name of Defender for Cloud) |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
All logs

```kusto
SecurityAlert
| where ProductName == "Azure Security Center"
| sort by TimeGenerated
```

Summarize by severity

```kusto
SecurityAlert
| where ProductName == "Azure Security Center"
| summarize count() by AlertSeverity
```
Vendor installation instructions
Connect Tenant-based Microsoft Defender for Cloud to Microsoft Sentinel
After you connect this connector, alerts from all of your Microsoft Defender for Cloud subscriptions in the tenant are sent to this Microsoft Sentinel workspace.
Your Microsoft Defender for Cloud alerts are streamed through Microsoft 365 Defender. To benefit from automated grouping of the alerts into incidents, also connect the Microsoft 365 Defender incidents connector. Incidents can then be viewed in the Sentinel incidents queue.
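The following KQL query is an added example, not part of the connector page or the query samples shipped with it. It extends the samples above to the check a practitioner usually wants after enabling a tenant-wide connector: is every subscription actually delivering alerts into this workspace, how recent are they, and is anything arriving twice (which can happen when more than one Defender for Cloud connector feeds the same workspace). It relies only on standard SecurityAlert columns (ProductName, TimeGenerated, ResourceId, SystemAlertId, AlertSeverity); the 7-day lookback and the "(no resource)" label are assumptions chosen for the example.

```kusto
// Added example: per-subscription health check for Defender for Cloud alerts.
// Assumes the standard SecurityAlert schema; lookback window is an assumption.
let lookback = 7d;
SecurityAlert
| where TimeGenerated > ago(lookback)
| where ProductName == "Azure Security Center"
// ARM resource IDs look like /subscriptions/<id>/resourceGroups/...,
// so the subscription ID is the element at index 2 after splitting on "/".
// Some alerts have no ResourceId; label them instead of dropping them.
| extend SubscriptionId = iff(isempty(ResourceId),
                              "(no resource)",
                              tostring(split(ResourceId, "/")[2]))
| summarize
    AlertCount     = count(),
    DistinctAlerts = dcount(SystemAlertId),   // unique alert IDs seen
    HighSeverity   = countif(AlertSeverity == "High"),
    LastSeen       = max(TimeGenerated)
    by SubscriptionId
// AlertCount above DistinctAlerts means the same SystemAlertId was ingested
// more than once, usually a sign of overlapping connectors.
| extend DuplicateRows = AlertCount - DistinctAlerts
| order by LastSeen desc
```

A subscription that you expect to report but that is missing from the output, or whose LastSeen is stale, points at an onboarding or connector problem on that subscription; a non-zero DuplicateRows is the cue to review which Defender for Cloud connectors are enabled for this workspace.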