In this article, we will focus on how to integrate Microsoft Defender XDR and Microsoft Sentinel and perform SIEM activities in one place, the Microsoft Defender portal – https://security.microsoft.com/
It would be great to focus on Microsoft 365 activities and get them done easily without checking multiple portals. Let's begin.
Note: If you're new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series – Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment
Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel
Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub
Search for the Microsoft Defender XDR data connector
Click on Install
Click on Manage once the installation has completed
Click on Connect Incidents & alerts
Select the activities whose logs should be collected for Sentinel
Click on Apply Changes
Integrate SIEM and XDR in One Place
Go to https://security.microsoft.com/ and click on Connect a Workspace
Select the Sentinel workspace and click on Next
Click on Connect
It will now take a few moments to connect the Microsoft Log Analytics workspace.
You can see it has connected to the workspace without any issues.
Validation of the Logs and Incidents
Go to https://security.microsoft.com/ –> Advanced Hunting
Click on Start Hunting
Select SigninLogs and click on Run query
You can see the results. If that is the case, we have successfully connected and are able to use the SIEM, Microsoft Sentinel, in the Microsoft Security Portal itself without any issues.
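A broader validation query for Advanced Hunting, added here as an example and not part of the original article: it reports, per Sentinel table, how many records arrived recently and how stale the newest one is. The `SecurityIncident` and `SecurityAlert` tables and the 24-hour window are assumptions; `SigninLogs` only returns rows if sign-in logs are being sent to the connected workspace.

```kusto
// Added example: check that Sentinel workspace tables are queryable from
// Advanced Hunting and that data is still arriving.
// Assumption: a 24-hour lookback is long enough to contain at least one record.
let lookback = 24h;
// isfuzzy=true lets the query run even if one of the tables does not exist
// in the workspace yet; withsource records which table each row came from.
union withsource=SourceTable isfuzzy=true
    SigninLogs,         // Microsoft Entra ID sign-in events
    SecurityIncident,   // incidents (assumed populated via "Connect incidents & alerts")
    SecurityAlert       // alerts behind those incidents (same assumption)
| where TimeGenerated > ago(lookback)
| summarize
    Records = count(),
    Oldest  = min(TimeGenerated),
    Newest  = max(TimeGenerated)
    by SourceTable
// Minutes since the most recent record; a large value means ingestion has stalled.
| extend MinutesSinceNewest = datetime_diff('minute', now(), Newest)
| order by MinutesSinceNewest asc
```

A table that is missing from the output has no records in the lookback window, which points to a connector that is not installed, not connected, or not yet ingesting.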
If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security Portal.
Let's talk about them in the upcoming articles. Until then, Ta ta!!