Microsoft Defender XDR connector for Microsoft Sentinel
Microsoft Defender XDR is a unified, natively integrated, pre- and post-breach enterprise defense suite that protects endpoint, identity, email, and applications and helps you detect, prevent, investigate, and automatically respond to sophisticated threats.
Microsoft Defender XDR suite includes:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Office 365
- Threat & Vulnerability Management
- Microsoft Defender for Cloud Apps
For more information, see the Microsoft Sentinel documentation.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | SecurityIncident SecurityAlert DeviceEvents DeviceFileEvents DeviceImageLoadEvents DeviceInfo DeviceLogonEvents DeviceNetworkEvents DeviceNetworkInfo DeviceProcessEvents DeviceRegistryEvents DeviceFileCertificateInfo EmailEvents EmailUrlInfo EmailAttachmentInfo EmailPostDeliveryEvents IdentityLogonEvents IdentityQueryEvents IdentityDirectoryEvents CloudAppEvents AlertEvidence |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for