Integrate Microsoft Defender External Attack Surface Management (Defender EASM) with Microsoft Sentinel

Rohit R Alaraddi 21 Reputation points
2022-08-22T13:32:12.963+00:00

Does anyone have any idea how to get the data from Microsoft Defender External Attack Surface Management (Defender EASM) into the Log Analytics workspace, so that we can create rules based on it in Microsoft Sentinel?

1 answer

  1. JamesTran-MSFT 36,626 Reputation points Microsoft Employee
    2024-02-13T20:54:54.86+00:00

    @Rohit R Alaraddi

    Thank you for your post!

    When it comes to integrating Microsoft Defender External Attack Surface Management (Defender EASM) with Microsoft Sentinel, you should be able to leverage the data connections feature to help you seamlessly integrate your attack surface data into other Microsoft solutions.

    For more info - Defender EASM Data Connections Configuration overviews

    Configure Log Analytics permissions

    1. Open the Log Analytics workspace that will ingest your Defender EASM data or create a new workspace.
    2. On the leftmost pane, under Settings, select Agents.
    3. Expand the Log Analytics agent instructions section to view your workspace ID and primary key. These values are used to set up your data connection.

    Add a data connection

    You can connect your Defender EASM data to either Log Analytics or Azure Data Explorer. To do so, select Add connection for the appropriate tool from the Data Connections page.

    A configuration pane opens on the right side of the Data Connections page. The following fields are required for each respective tool.

    Log Analytics:

    • Name: Enter a name for this data connection.
    • Workspace ID: Enter the workspace ID for the Log Analytics instance where you want to export Defender EASM data.
    • API key: Enter the API key for the Log Analytics instance.
    • Content: Select to integrate asset data, attack surface insights, or both datasets.
    • Frequency: Select the frequency that the Defender EASM connection uses to send updated data to the tool of your choice. Available options are daily, weekly, and monthly.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
