In this article, we will focus on how to integrate Microsoft Defender XDR and Microsoft Sentinel and perform SIEM activities in one place on the Microsoft Defender portal – https://security.microsoft.com/


It would be great to focus on Microsoft 365 activities and get them done easily without checking multiple portals. Let's begin.


Note: If you're new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series: Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment


Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel


Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub


Search for Microsoft Defender XDR Data connector


Click on Install


Click on Manage once the installation has completed


Click on Connect Incidents & alerts


Select the activities to collect the logs for Sentinel


Click on Apply Changes


Integrate SIEM and XDR in One Place


Go to https://security.microsoft.com/ and click on Connect a Workspace


Select the Sentinel workspace and click on Next


Click on Connect


Now it will take a few moments to connect the Microsoft Log Analytics workspace


You can see it has connected to the workspace without any issues


Validation of the logs and Incidents


Go to https://security.microsoft.com/  –> Advanced Hunting


Click on Start Hunting


Select signinLogs and click on Run query


You can see the results. If that is the case, we have successfully connected and are able to get the SIEM, Microsoft Sentinel, in the Microsoft Security Portal itself without any issues.


If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
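
An ingestion check that can be run in Advanced Hunting after the validation steps above, added here as an example and not part of the original article. It assumes SecurityIncident and SecurityAlert are the workspace tables that receive the connected incidents and alerts, and that SigninLogs is already being collected into the same workspace:

```kusto
// Added example: confirm each expected table is receiving data and show how fresh it is.
// Assumption: SecurityIncident / SecurityAlert are the Sentinel tables fed by
// "Connect Incidents & alerts"; SigninLogs is the table selected in the step above.
let lookback = 1d;
let expected = datatable(TableName: string)
    ["SigninLogs", "SecurityIncident", "SecurityAlert"];
let observed =
    // isfuzzy=true keeps the query working if a table does not exist in the workspace yet
    union withsource=TableName isfuzzy=true SigninLogs, SecurityIncident, SecurityAlert
    | where TimeGenerated > ago(lookback)
    | summarize Records = count(), LastRecord = max(TimeGenerated) by TableName;
// Left outer join so tables with no data still appear, with Records = 0
expected
| join kind=leftouter observed on TableName
| project TableName,
          Records = coalesce(Records, 0),
          LastRecord,
          MinutesSinceLast = datetime_diff('minute', now(), LastRecord)
| order by TableName asc
```

A row with Records = 0 and an empty LastRecord means nothing arrived in that table during the lookback window, which is the case to investigate at the connector.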


Let's talk about them in the upcoming articles. Until then, Ta ta!!
