Microsoft Defender ATP

Microsoft Defender ATP enables you to fetch and analyze logs from Microsoft Defender for Endpoint (previously named Microsoft Defender ATP). Logpoint aggregates and normalizes Microsoft Defender for Endpoint logs so you can analyze the information through the LP_MicrosoftDefenderATP dashboard. The dashboard visualizes the incident details for threat types, attack categories, hosts and other event details detected in your network. You can customize the dashboard to perform in-depth analysis by adjusting the data and searches.

Release Details
Version: 5.2.0
Release date: 30th October, 2024
Supported On: Logpoint v7.4.0 and later
Documentation: Microsoft Defender ATP
SHA 256: f375cbcda540cf470c01d75b1a9c217331fd19292ae6a19cc4cc8274764020b3
Download

Package Details

Microsoft Defender ATP Components:
    1. Fetcher
      • MicrosoftDefenderATPFetcher
    2. Compiled Normalizer
      • MicrosoftDefenderATPCompiledNormalizer
    3. Log Source Template
      • MicrosoftDefenderATP
    4. Search Templates
      • LP_Microsoft Defender for Endpoint

Enhancements

Description | Issue ID | Reference ID
You can now configure Microsoft Defender ATP from Log Sources, which provides a centralized user interface for all the configurations of log collection. | PLUG-11799 | -
The taxonomy for the Microsoft Defender ATP normalizer is mapped as follows: | KB-24551 |

    Microsoft Defender ATP Fields | Logpoint Fields
    severity | risk_level
    detectionSource | detection_source
    title | alert
    resolvedTime | resolved_ts

Changes in Previous Versions

Changes in Microsoft Defender ATP v5.1.1

Release Date: May 04, 2023

Version: 5.1.1
Release date: 2023-10-09
Document date: 2023-10-09
SHA 256: f1909f8bc342852c38811b625d6e5269070134fb9b0cf2994958d8fc9ef23772
Documentation: Microsoft Defender ATP guide
Download: MicrosoftDefenderATP_5.1.1.pak

Enhancements

Description | Issue ID | Reference ID
Added a new LP_Microsoft Defender for Endpoint search template. | KB-21342 | -
Updated the query of the ATP - Details and Threats Detected widgets in the LP_MicrosoftDefenderATP dashboard.
Removed the following generic and redundant alert rules:

  • LP_MicrosoftDefenderATP Execution Detected
  • LP_MicrosoftDefenderATP Partial Remediation
  • LP_MicrosoftDefenderATP Initial Access Attempt Detected
  • LP_MicrosoftDefenderATP Potentially Unwanted Software Detected
  • LP_MicrosoftDefenderATP Defense Evasion Detected
  • LP_MicrosoftDefenderATP Malware Detected

Changes in Microsoft Defender ATP v5.1.0

Version: 5.1.0
Release date: 2022-06-07
Document date: 2022-06-07
SHA 256: 247e8a8426d5236287e6aac2d3d62637f8245871d8a96233b46bc5ca392864dc
Documentation: Microsoft Defender ATP guide
Download: MicrosoftDefenderATP_5.1.0.pak

Enhancements

Description | Issue ID | Reference ID
Microsoft Defender ATP now supports the Microsoft Defender for Endpoint API. | PLUG-8609 | 63280, 64539, 64578, 64672, 65030, 65143, 65567, 65610, 65922, 66265, 66481, 66658
The security components of Microsoft Defender ATP have been updated to support its latest upgrade. | KB-16846 | -

Support

If you have any questions or require assistance, create a support ticket.
