BETTER Mobile Threat Defense (MTD) connector for Microsoft Sentinel
The BETTER MTD Connector allows Enterprises to connect their Better MTD instances with Microsoft Sentinel, to view their data in Dashboards, create custom alerts, use it to trigger playbooks and expands threat hunting capabilities. This gives users more insight into their organization's mobile devices and ability to quickly analyze current mobile security posture which improves their overall SecOps capabilities.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | BetterMTDIncidentLog_CL BetterMTDDeviceLog_CL BetterMTDAppLog_CL BetterMTDNetflowLog_CL |
| Data collection rules support | Not currently supported |
| Supported by | Better Mobile Security Inc. |
Query samples
All threats in the past 24 hour
BetterMTDIncidentLog_CL
| where TimeGenerated > ago(24h)
| sort by TimeGenerated
| limit 100
Enrolled Devices in the past 24 hour
BetterMTDDeviceLog_CL
| where TimeGenerated > ago(24h)
| sort by TimeGenerated
| limit 100
Installed applications in the last 24 hour
BetterMTDAppLog_CL
| where TimeGenerated > ago(24h) and AppStatus_s == "installed"
| sort by TimeGenerated
| limit 100
Blocked Network traffics in the last 24 hour
BetterMTDNetflowLog_CL
| where TimeGenerated > ago(24h) and Status_s == "blocked"
| sort by TimeGenerated
| limit 100
Vendor installation instructions
- In Better MTD Console, click on Integration on the side bar.
- Select Others tab.
- Click the ADD ACCOUNT button and Select Microsoft Sentinel from the available integrations.
- Create the Integration:
- set
ACCOUNT NAMEto a descriptive name that identifies the integration then click Next - Enter your
WORKSPACE IDandPRIMARY KEYfrom the fields below, click Save - Click Done
- Threat Policy setup (Which Incidents should be reported to
Microsoft Sentinel):
- In Better MTD Console, click on Policies on the side bar
- Click on the Edit button of the Policy that you are using.
- For each Incident types that you want to be logged go to Send to Integrations field and select Sentinel
- For additional information, please refer to our Documentation.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for