Microsoft Defender ATP is an endpoint security platform that prevents, detects and responds to security threats within enterprise networks. The Logpoint integration enables you to fetch and analyze Microsoft Defender ATP logs. Logpoint aggregates and normalizes Microsoft Defender ATP logs so you can analyze the information through the LP_MicrosoftDefenderATP dashboard. The dashboard visualizes incident details for threat types, attack categories, hosts and other event details detected in your network. You can customize the dashboard to suit your needs and perform in-depth analysis by adjusting the data and searches.
When Logpoint identifies threats, malware or malicious events with a potential risk, it triggers security alerts based on predetermined rules. The automated alerts enable you to detect potential threats, malware, or malicious events early and take corrective actions against them.
Microsoft Defender ATP consists of the following components:
MicrosoftDefenderATPFetcher
MicrosoftDefenderATPCompiledNormalizer
LP_MicrosoftDefenderATP Execution Detected
LP_MicrosoftDefenderATP Partial Remediation
LP_MicrosoftDefenderATP Initial Access Attempt Detected
LP_MicrosoftDefenderATP Potentially Unwanted Software Detected
LP_MicrosoftDefenderATP Defense Evasion Detected
LP_MicrosoftDefenderATP Malware Detected