Tenant-based Microsoft Defender for Cloud (Preview) connector for Microsoft Sentinel

Microsoft Defender for Cloud is a security management tool that lets you detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector streams your MDC security alerts from Microsoft 365 Defender into Microsoft Sentinel, so you can take advantage of XDR correlations that connect the dots across your cloud resources, devices, and identities, view the data in workbooks and queries, and investigate and respond to incidents. For more information, see the Microsoft Sentinel documentation.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute            | Description
Log Analytics table(s)         | SecurityAlert (ASC)
Data collection rules support  | Not currently supported
Supported by                   | Microsoft Corporation

Query samples

All logs

SecurityAlert
| where ProductName == "Azure Security Center"
| sort by TimeGenerated

Summarize by severity

SecurityAlert
| where ProductName == "Azure Security Center"
| summarize count() by AlertSeverity
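The two samples above only list or count alerts. The following query is an added example, not one of the connector's own samples; it builds on the same ProductName filter to show which resources are generating High and Medium severity MDC alerts over the last seven days, deduplicated per alert. It assumes the standard SecurityAlert schema columns (SystemAlertId, AlertSeverity, AlertName, CompromisedEntity, Tactics), which this page does not list.

```kql
// Added example (not from the connector page): triage view of MDC alerts
// in Sentinel, one row per affected resource and severity.
let lookback = 7d;
SecurityAlert
| where TimeGenerated > ago(lookback)
| where ProductName == "Azure Security Center"        // same filter as the page's samples
| where AlertSeverity in ("High", "Medium")           // drop Low / Informational noise
// The same alert can be ingested more than once (e.g. status updates);
// keep only the most recent copy of each SystemAlertId.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| summarize AlertCount = count(),
            AlertNames = make_set(AlertName, 10),     // up to 10 distinct alert titles
            TacticsSeen = make_set(Tactics, 10),      // MITRE ATT&CK tactics reported by MDC
            FirstSeen  = min(TimeGenerated),
            LastSeen   = max(TimeGenerated)
    by CompromisedEntity, AlertSeverity
// "High" sorts before "Medium" alphabetically, so the most urgent rows come first.
| order by AlertSeverity asc, AlertCount desc
```

Resources that appear with many distinct AlertNames or several tactics in a short FirstSeen to LastSeen window are the first candidates to open in the Sentinel incidents queue.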

Vendor installation instructions

Connect Tenant-based Microsoft Defender for Cloud to Microsoft Sentinel

After connecting this connector, all your Microsoft Defender for Cloud subscriptions' alerts will be sent to this Microsoft Sentinel workspace.

Your Microsoft Defender for Cloud alerts are streamed through Microsoft 365 Defender. To benefit from automated grouping of the alerts into incidents, connect the Microsoft 365 Defender incidents connector. Incidents can be viewed in the incidents queue.