SIEM and XDR in one place

In this article, we will focus on how to integrate Microsoft Defender XDR and Microsoft Sentinel and perform SIEM activities in one place, on the Microsoft Defender portal – https://security.microsoft.com/

This lets you focus on Microsoft 365 activity and handle it from a single portal instead of checking multiple portals. Let’s begin.

Note: If you’re new to Microsoft Sentinel and would like to learn how to deploy it, refer to the previous multi-part article series – Microsoft Sentinel Implementation a Deep Dive- Part 1: Workspace Deployment

Installing and Configuring Microsoft Defender XDR Connector for Microsoft Sentinel

Log on to https://portal.azure.com and go to Microsoft Sentinel –> Content Management –> Content hub

Search for the Microsoft Defender XDR data connector

Click on Install

Click on Manage once the installation has completed

Click on Connect Incidents & alerts

Select the event types whose logs Sentinel should collect

Click on Apply Changes

Integrate SIEM and XDR in One Place

Go to https://security.microsoft.com/ and click on Connect a Workspace

Select the Sentinel workspace and click on Next

Click on Connect

It takes a few moments to connect the Log Analytics workspace

You can see that it has connected to the workspace without any issues

Validation of the logs and Incidents

Go to https://security.microsoft.com/ –> Advanced Hunting

Click on Start Hunting

Select SigninLogs and click on Run query

If the query returns results, the connection has succeeded and the SIEM data (Microsoft Sentinel) is available in the Microsoft Security portal itself without any issues
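Selecting the table and clicking Run query only proves that the table exists; a practitioner validating the connection usually wants a query that also shows the data is flowing and is worth acting on. The KQL below is an added example for Advanced Hunting, not a query from the article: it reads the Sentinel SigninLogs table (which uses TimeGenerated, unlike the Defender XDR tables that use Timestamp), keeps only failed sign-ins and summarizes them per user and application. The 1-day window and the threshold of 10 failed attempts are assumptions chosen for illustration and should be tuned to your environment.

```kql
// Added example (not from the article): validate that the Sentinel SigninLogs
// table is queryable from Advanced Hunting in the Defender portal and surface
// accounts with repeated sign-in failures.
SigninLogs
// Sentinel tables carry TimeGenerated; XDR tables such as AlertInfo carry Timestamp.
| where TimeGenerated > ago(1d)
// ResultType "0" is a successful sign-in; any other value is a failure code.
| where ResultType != "0"
| summarize FailedAttempts = count(),
            DistinctIPs    = dcount(IPAddress),
            FirstSeen      = min(TimeGenerated),
            LastSeen       = max(TimeGenerated)
    by UserPrincipalName, AppDisplayName, ResultType, ResultDescription
// Assumed threshold: adjust to the noise level of your tenant.
| where FailedAttempts >= 10
| order by FailedAttempts desc
```

If SigninLogs does not appear in the schema pane at all, the workspace connection has not completed (or the Entra ID sign-in logs are not being sent to the workspace); that is a different situation from the query running but returning zero rows, which simply means no failed sign-ins met the threshold in the window.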

If any incidents occur for Microsoft 365, they will be shown in the Microsoft Security portal.

Let’s talk about them in the upcoming articles. Until then, Ta ta!!
