MCAS, Azure AD Logs to Sentinel

  • Question

  • Hi, 

    We got an E5 license and are planning to extend our security monitoring through multiple MS tools and technologies. We are going to deploy Sentinel for our Prod network, but I have a bit of confusion and I hope I will get my answer. 

    So we have been advised to send logs/alerts from Azure AD, MCAS, Azure Security Center and other ATP-related tools to Sentinel, but I was thinking about how to avoid duplicated logs in Sentinel? As I understand it, if we send all logs/alerts from Azure AD to Sentinel then it would be best, because the rest of the tools such as MCAS are also doing all analysis based on Azure AD. I need advice on it. 

    Thanks,

    Taran

    Sunday, August 16, 2020 7:03 PM