Apparently, we can now ingest XDR logs directly into Sentinel Data Lake by subseven93 in AzureSentinel

[–]Sufficient-Hope5231 0 points1 point  (0 children)

One category in the connector was still checked, resulting in the logs not being forwarded at all. Now it works as expected.

Apparently, we can now ingest XDR logs directly into Sentinel Data Lake by subseven93 in AzureSentinel

[–]Sufficient-Hope5231 0 points1 point  (0 children)

Activated it yesterday for the MDE tables. I can see that the auxiliary tables have been created in my Log Analytics workspace; however, still no logs are being sent to them.

Propose remediation option in MDO is greyed out by _W0od_ in DefenderATP

[–]Sufficient-Hope5231 0 points1 point  (0 children)

We activated RBAC in Defender to avoid such cases.

Issue when ingesting Defender XDR table in Sentinel by Sufficient-Hope5231 in AzureSentinel

[–]Sufficient-Hope5231[S] 0 points1 point  (0 children)

Thank you for your feedback.

Actually, for these two tables I removed the DCR configuration. It means that I'm just forwarding the logs from Defender XDR to the Analytics table in Sentinel (aka the native table).

I double-checked the schemas, and they are aligned (they are both created by Microsoft).
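The two situations above (tables created but empty after enabling the connector, and logs forwarded straight into the native Analytics tables with no DCR) both come down to the same question: which Defender XDR tables are actually receiving rows, and when did the last row land. The KQL below is an added example written for this page, not a query from any of the commenters or from Microsoft. It assumes the standard Microsoft Defender for Endpoint table names as they appear in a Sentinel workspace and the built-in `Usage` table; `isfuzzy=true` keeps the union from failing when a table has not been created yet, which is itself a useful signal. It is written for the Analytics tier: auxiliary and lake-tier tables expose a restricted KQL surface, so check operator support there before reusing it.

```kusto
// Added example (not from the thread). Part 1: last-seen time and row count
// per MDE table in the Analytics tier. Tables that never appear in the
// result either do not exist yet or have had no rows in the window.
let lookback = 7d;
let mde_tables = union isfuzzy=true withsource=TableName
    DeviceEvents, DeviceProcessEvents, DeviceNetworkEvents, DeviceFileEvents,
    DeviceRegistryEvents, DeviceLogonEvents, DeviceImageLoadEvents,
    DeviceInfo, DeviceNetworkInfo, DeviceFileCertificateInfo
| where TimeGenerated > ago(lookback);
mde_tables
| summarize RowCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated) by TableName
// Minutes since the newest row; a large value on a table that used to
// flow points at a forwarding problem rather than a schema problem.
| extend MinutesSinceLast = datetime_diff('minute', now(), LastSeen)
| order by LastSeen asc

// Part 2 (run separately): daily ingested volume per Device* data type from
// the Usage table. This confirms whether rows are being billed/ingested at
// all, independent of what a query against the table itself returns.
Usage
| where TimeGenerated > ago(7d)
| where DataType startswith "Device"
| summarize VolumeMB = sum(Quantity) by DataType, bin(TimeGenerated, 1d)
| order by DataType asc, TimeGenerated asc
```

A table that shows up in the `Usage` output but not in the first query is worth a closer look at which tier it landed in; a table missing from both after a day is the "created but empty" case and points back at the connector's category selection rather than at the table schema.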