Microsoft Defender ATP enables you to fetch and analyze logs from Microsoft Defender for Endpoint (previously named Microsoft Defender ATP). Logpoint aggregates and normalizes Microsoft Defender for Endpoint logs so you can analyze the information through the LP_MicrosoftDefenderATP dashboard. The dashboard visualizes the incident details for threat types, attack categories, hosts and other event details detected in your network. You can customize the dashboard to perform in-depth analysis by adjusting the data and searches.
Important
We recommend using Microsoft Defender XDR instead of Microsoft Defender ATP, as Microsoft Defender ATP will be deprecated in the near future. Microsoft Defender XDR provides centralized security management and enhanced protection.
You can configure Microsoft Defender ATP from Log Source Template or Devices. We recommend that you configure it from the log source, as it provides a centralized user interface for all the configurations.
Supported Devices/Sources
Microsoft Defender ATP
Microsoft Defender for Endpoint API
Microsoft Defender ATP Components
MicrosoftDefenderATPFetcher
MicrosoftDefenderATPCompiledNormalizer
LP_Microsoft Defender for Endpoint
MicrosoftDefenderATP