Zzhaoxi
Copper Contributor
Feb 19, 2023

Tables in Sentinel and Schemas in MS365

Just wondering if there is any common data between Sentinel and MS365?

I can easily get file certificate information from schemas in MS365, but it is hard to find the information in any tables when working in Sentinel.

But sometimes when I use the same query I get the same result.

Could someone kindly share some ideas on that part? Or do you have any idea where we can find file certificate information in Sentinel?

That will help me a lot, thanks so much!

  • Clive_Watson
    Bronze Contributor
    So in M365 you have the Devicennnnnn Tables - I assume it's in there you are looking?
    These Tables can optionally be brought into Sentinel (at a cost), so have you done that (if not you may not have the data)? Look at the "Microsoft 365 Defender" connector in Sentinel.
    The main schema difference is: TimeStamp --> TimeGenerated within Sentinel - so if the M365 query has that you will have to correct it in Sentinel.
    • Zzhaoxi
      Copper Contributor
      Hello, sorry for the late reply. I failed to log on to this community due to a network issue. I have tried according to your answer and it resolves my problem, thanks so much~ Amazing answer :)
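
The ingestion check and the column change described in the answer above, as an added example that is not part of the original thread. It assumes the "Microsoft 365 Defender" connector is already enabled for the workspace; the table name DeviceFileCertificateInfo and its columns come from Microsoft's advanced hunting schema and are not named in the thread.

```kql
// Added example. Run each query separately in the Sentinel Logs blade.

// 1) Which Device* tables are actually arriving in this workspace?
//    A table that is missing from the output has had no rows in the last
//    day, which usually means it is not selected in the connector.
union withsource=TableName Device*
| where TimeGenerated > ago(1d)
| summarize Rows = count(), Latest = max(TimeGenerated) by TableName
| order by TableName asc

// 2) File certificate information in Sentinel.
//    The Microsoft 365 Defender version of this query filters and projects
//    on Timestamp; in Sentinel the same column is TimeGenerated.
//    The filter values below are constructed for illustration.
DeviceFileCertificateInfo
| where TimeGenerated > ago(7d)
| where IsSigned == true and IsTrusted == false
| project TimeGenerated, DeviceName, SHA1, Signer, Issuer,
          CertificateSerialNumber, CertificateExpirationTime
| order by TimeGenerated desc
```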