Insert logs from Defender XDR to SIEM | Voters

Insert logs from Defender XDR to SIEM

Jerry Meyer

It would be great to use the MDR connector or something related to ingest logs from Defender XDR to the SIEM solution.

June 4, 2024

Joel DeTeves

This would be huge, we exclusively use Business Premium and Huntress SIEM would be

chef's kiss

if it could ingest Defender XDR logs

Anthony Rankine

This would be excellent. Microsoft currently charging $9.55 per GB into Sentinel for defender data. SecurityAlert and SecurityIncident are free but the rest of the data tables are chargeable. They have basic logs but that is rather limited.

We're looking at removing Defender for Endpoint P2 license and running with Defender for Business (as part of Bus Premium). But this does remote the DeviceEvents type tables in advanced hunting. So I wonder if that P2 license would be required for Huntress to pull the data. Without the P2 license there are stil other tables in the schme like TVM, Email, Sign-in logs etc. So still valuable.