Unified Security Operation Sentinel Vs Defender Tables

Copper Contributor

I have a question regarding the Unified SOC portal. In the session below, they highlighted one advantage: the ability to use Defender and Sentinel Tables together. However, both the SignInLogs and DeviceLogonEvents tables are already accessible in Sentinel through the Defender connector. Am I missing something, or did they use an incorrect example to demonstrate an advantage that Sentinel already provides?


Unified Security Operations Platform GA launch and exclusive demo 

4 Replies

Hello, I have a problem with Windows 11: when I turn it on and type the password, I find it in failure mode. How can I find the wallpapers? Thanks in advance.

@ahmad_zuhd hi,

Technically, this example is not wrong, as you may not be feeding the DeviceLogonEvents table into Sentinel. While all tables available in XDR can be forwarded to Sentinel, that doesn't mean you've checked the relevant boxes by default in the connector. On the other hand, having a common space for Sentinel and XDR (Unified SOC) allows building queries which would include both the SignInLogs and DeviceLogonEvents tables.

From a broader perspective, through Unified Security Operations you may want to pivot between XDR and Sentinel far less: you can build both detection rules (XDR) and analytics (Sentinel), have access to your workbooks, perform threat hunting and use many other Sentinel functionalities within the XDR portal.

I hope this answered your question.

If I have answered your question, please mark your post as Solved.

If you like my response, please consider giving it a like.
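As an added illustration of the cross-table correlation described in the reply above (this query is not from the thread or from Microsoft), the following KQL joins Entra ID sign-in failures from SignInLogs with subsequent remote endpoint logons from DeviceLogonEvents in one query, which is only possible when both tables sit in the same workspace. Column names follow the two tables' schemas; the threshold, the 15-minute window and the assumption that the UPN local part equals the endpoint AccountName are choices made here, not facts from the page.

```kql
// Added example, not part of the original thread.
// Goal: find accounts with repeated Entra ID sign-in failures that are then
// followed by a successful remote logon on an endpoint shortly afterwards.
// Assumptions: UPN local part == DeviceLogonEvents.AccountName; tune the
// threshold and window for your tenant.
let lookback = 1d;
let window = 15m;
let FailedSignIns =
    SignInLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                       // "0" is a successful sign-in
    | extend Account = tolower(tostring(split(UserPrincipalName, "@")[0]))
    | summarize FailedCount = count(),
                LastFailure = max(TimeGenerated),
                SourceIPs = make_set(IPAddress, 10)
        by Account
    | where FailedCount >= 5;                       // assumed threshold
DeviceLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonSuccess"
| where LogonType in ("Network", "RemoteInteractive")   // remote logons only
| extend Account = tolower(AccountName)
| join kind=inner FailedSignIns on Account
// Keep endpoint logons that occur within the window after the last cloud failure
| where Timestamp between (LastFailure .. (LastFailure + window))
| project Timestamp, Account, DeviceName, LogonType, RemoteIP,
          FailedCount, LastFailure, SourceIPs
| order by Timestamp desc
```

Without the DeviceLogonEvents table in the Sentinel workspace, the second half of this query has nothing to join against, which is the situation the reply describes.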


Echoing this, not all environments have the budget to ingest Device****** events into Sentinel, given the huge volume of events it produces. Thus you have an option right now to both save cost and correlate the information from the Sentinel end, under the Unified SOC portal.
You need to look into the monetary benefits of this integration as well, not only technical feasibility.
Hope my 2 cents help.

Logically, this makes sense regarding the cost, but it will reduce Microsoft's revenue from data ingestion. This suggests that Microsoft will need to find another revenue channel, which will hopefully come from increased sales, but could also come from charging per API call to the analytics workspace, which is not clear so far.

Can anyone from Microsoft clarify whether there will be a cost when enabling Unified SOC in any way?