Defender Advanced Threat Protection
Export Microsoft Defender event data to a log analytics workspace
In the Defender ATP portal (securitycenter.windows.com) it is possible to create custom detections, but the smallest time frame is 1 hour. Even though 1 hour is better than the mean time to detection of a breach reported by Ponemon, Verizon, etc., I'm trying to cut that down even further by piecing together different Azure cloud services, e.g. Event Hubs, Blob Storage, Search Services, Log Analytics, etc. Is there a way to leverage the raw streaming API and perform searching with a Log Analytics workspace? This would speed up detection to within 5 minutes of an event occurring rather than 1 hour.
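As an added example (not code from the original post or from Microsoft), the per-message path the question describes, in Python: take one Event Hub message as delivered by the Defender ATP streaming API, flatten its records into rows suitable for a custom Log Analytics table, run a detection rule against each record the moment it arrives instead of on the hourly custom-detection schedule, measure how old the event is when it is acted on, and build the `SharedKey` authorization header the Log Analytics HTTP Data Collector API expects for `POST /api/logs`. Assumptions: the envelope shape (`records` array with `time`, `tenantId`, `category`, `properties`) is the one the streaming API documents; the field names follow the advanced-hunting `DeviceProcessEvents` schema; the signing scheme is the Data Collector API's HMAC-SHA256 over method, length, content type, `x-ms-date` and resource path. The Event Hub consumer loop and the HTTP POST itself are left out, and every sample record is constructed.

```python
"""Per-record detection over Defender ATP streaming-API messages (added example).
Envelope shape, field names and signing scheme are assumptions, see lead-in."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _rec(time: str, category: str, **props) -> dict:
    """Build one record in the assumed streaming-API envelope shape."""
    return {"time": time, "tenantId": "00000000-0000-0000-0000-000000000000",
            "category": category, "properties": props}


# Constructed sample Event Hub message body (three records, all values invented).
SAMPLE_MESSAGE = json.dumps({"records": [
    _rec("2019-06-01T12:00:03.1234567Z", "AdvancedHunting-DeviceProcessEvents",
         DeviceName="ws01.contoso.local", AccountName="jdoe", FileName="powershell.exe",
         ProcessCommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA",
         InitiatingProcessFileName="WINWORD.EXE"),
    _rec("2019-06-01T12:00:05.0000000Z", "AdvancedHunting-DeviceProcessEvents",
         DeviceName="ws02.contoso.local", AccountName="asmith", FileName="notepad.exe",
         ProcessCommandLine="notepad.exe notes.txt", InitiatingProcessFileName="explorer.exe"),
    _rec("2019-06-01T12:00:06.0000000Z", "AdvancedHunting-DeviceNetworkEvents",
         DeviceName="ws01.contoso.local", RemoteUrl="example.invalid", RemotePort=443),
]})

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_message(body: str) -> list[dict]:
    """Flatten the envelope into one flat dict per record. Category and time are
    kept as columns so each row can be posted straight into a custom table."""
    rows = []
    for rec in json.loads(body)["records"]:
        row = {"TimeGenerated": rec["time"], "Category": rec["category"]}
        row.update(rec.get("properties", {}))
        rows.append(row)
    return rows


def office_spawns_encoded_powershell(row: dict) -> bool:
    """Rule: an Office process launching PowerShell with an encoded command.
    Only process-creation records are considered; other categories never match."""
    if row.get("Category") != "AdvancedHunting-DeviceProcessEvents":
        return False
    parent = str(row.get("InitiatingProcessFileName", "")).lower()
    child = str(row.get("FileName", "")).lower()
    cmd = str(row.get("ProcessCommandLine", "")).lower()
    return parent in OFFICE_PARENTS and child == "powershell.exe" and (
        " -enc" in cmd or " -encodedcommand" in cmd)


RULES = {"OfficeSpawnsEncodedPowerShell": office_spawns_encoded_powershell}


def evaluate(rows: list[dict]) -> list[dict]:
    """Apply every rule to every row of one message. Because this runs as each
    message is read, the wait is Event Hub delivery delay, not an hourly timer."""
    alerts = []
    for row in rows:
        for name, rule in RULES.items():
            if rule(row):
                alerts.append({"Rule": name, "DeviceName": row.get("DeviceName"),
                               "TimeGenerated": row["TimeGenerated"]})
    return alerts


def event_age_seconds(row: dict, now: datetime) -> float:
    """Seconds between the event timestamp and `now`; the 7-digit fraction and
    trailing Z in the stream's timestamps are dropped before parsing."""
    ts = datetime.strptime(row["TimeGenerated"][:19], "%Y-%m-%dT%H:%M:%S")
    return (now - ts.replace(tzinfo=timezone.utc)).total_seconds()


def data_collector_auth(workspace_id: str, shared_key_b64: str,
                        rfc1123_date: str, body: bytes) -> str:
    """Authorization header for the Data Collector API (assumed scheme):
    HMAC-SHA256 with the base64-decoded workspace key over the canonical string."""
    to_sign = (f"POST\n{len(body)}\napplication/json\n"
               f"x-ms-date:{rfc1123_date}\n/api/logs").encode("utf-8")
    digest = hmac.new(base64.b64decode(shared_key_b64), to_sign, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode('ascii')}"


if __name__ == "__main__":
    rows = parse_message(SAMPLE_MESSAGE)
    for alert in evaluate(rows):
        print(alert)
    payload = json.dumps(rows).encode("utf-8")
    print(data_collector_auth("00000000-0000-0000-0000-000000000000",
                              base64.b64encode(b"\x00" * 32).decode("ascii"),
                              "Sat, 01 Jun 2019 12:00:10 GMT", payload))
```

A rule evaluated like this is stateless: it fires on a single record, which is what buys the minutes instead of the hour. Anything that needs correlation across records or across devices (a count of failed logons per host, a process followed by an outbound connection) still belongs in a query over the workspace the rows are posted into, so both paths are worth keeping.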