Where does the alert data for Defender for SQL populate in Sentinel?

Robert Feldman 21 Reputation points
2021-11-30T12:21:19.64+00:00

I am referring to this product. Will an entry be made in the SecurityAlert table in the KQL logs? If so, what would be the provider?

https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction

Microsoft Security | Microsoft Sentinel

Answer accepted by question author

Andrew Blumhardt 10,071 Reputation points Microsoft Employee
2021-11-30T13:27:12.927+00:00

All of the alerts forwarded to Sentinel from Defender for Cloud (Azure Security Center) can be found in the Security Alert table under the Azure Security Center provider name.

SecurityAlert
| where ProviderName == "Azure Security Center"
| summarize count() by AlertType


0 additional answers
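
To narrow the accepted answer's query to Defender for SQL alerts only, the following added example (not part of the original thread) filters on alert type and collapses repeated records of the same alert. It assumes Defender for SQL alert types carry a "SQL." prefix in AlertType; the 30-day window and the 20-item resource cap are arbitrary choices.

```kql
// Added example, not from the original answer.
// Assumption: Defender for SQL alert types start with "SQL." in AlertType.
// Confirm the prefix against the output of the summarize query in the answer.
SecurityAlert
| where TimeGenerated > ago(30d)
| where ProviderName == "Azure Security Center"
| where AlertType startswith "SQL."
// The same alert can be written more than once as it is updated;
// keep only the most recent record per alert.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| summarize Alerts = count(),
            FirstSeen = min(StartTime),
            LastSeen = max(TimeGenerated),
            Resources = make_set(CompromisedEntity, 20)
    by AlertType, AlertSeverity
| order by Alerts desc
```

If the query returns nothing, rerun the answer's `summarize count() by AlertType` query to see which alert types are actually arriving from the provider before adjusting the filter.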
