
Microsoft Defender ATP

Microsoft Defender ATP enables you to fetch and analyze logs from Microsoft Defender for Endpoint (previously named Microsoft Defender ATP). Logpoint aggregates and normalizes Microsoft Defender for Endpoint logs so you can analyze the information through the LP_MicrosoftDefenderATP dashboard. The dashboard visualizes the incident details for threat types, attack categories, hosts and other event details detected in your network. You can customize the dashboard to perform in-depth analysis by adjusting the data and searches.

 

Release Details
Version: 5.2.1
Release date: 16th December, 2025
Supported On: Logpoint 7.8.0 and Director v2.9.0
Documentation: Microsoft Defender ATP, Microsoft Defender XDR For Director Console UI, Microsoft Defender XDR for Director Console API
SHA 256: 9fa5eb7139c1ff085d2425658a65e9cda1dc325cc24542788246e3e483476e2b
Download

Package Details

Microsoft Defender ATP Components:
    1. Fetcher
      • MicrosoftDefenderATPFetcher
    2. Compiled Normalizer
      • MicrosoftDefenderATPCompiledNormalizer

    3. Log Source Template
      • MicrosoftDefenderATP
    4. Search Templates
      • LP_Microsoft Defender for Endpoint

Enhancement

Description | Issue ID
The alert_name field now displays as alert in the dashboard to maintain consistency. | PLUG-16540

Past Releases

Microsoft Defender ATP v5.2.0

Version: 5.2.0
Release date: 30th October, 2024
SHA 256: f375cbcda540cf470c01d75b1a9c217331fd19292ae6a19cc4cc8274764020b3
Documentation: Microsoft Defender ATP guide
Download: MicrosoftDefenderATP_5.2.0.pak

Enhancements

Description | Issue ID | Reference ID
You can now configure Microsoft Defender ATP from Log Sources, which provides a centralized user interface for all the configurations of log collection. | PLUG-11799 | -
The taxonomy for Microsoft Defender ATP normalizer is mapped as shown in the field mapping that follows. | KB-24551 |

Field mapping:

Microsoft Defender ATP Fields | Logpoint Fields
severity | risk_level
detectionSource | detection_source
title | alert
resolvedTime | resolved_ts

Microsoft Defender ATP v5.1.1

Release Date: May 04, 2023

Version: 5.1.1
Release date: 2023-10-09
Document date: 2023-10-09
SHA 256: f1909f8bc342852c38811b625d6e5269070134fb9b0cf2994958d8fc9ef23772
Documentation: Microsoft Defender ATP guide
Download: MicrosoftDefenderATP_5.1.1.pak

Enhancements

Description | Issue ID | Reference ID
Added a new LP_Microsoft Defender for Endpoint search template. | KB-21342 | -

Updated the query of ATP - Details and Threats Detected widgets in the LP_MicrosoftDefenderATP dashboard.

Removed the following generic and redundant alert rules:

  • LP_MicrosoftDefenderATP Execution Detected
  • LP_MicrosoftDefenderATP Partial Remediation
  • LP_MicrosoftDefenderATP Initial Access Attempt Detected
  • LP_MicrosoftDefenderATP Potentially Unwanted Software Detected
  • LP_MicrosoftDefenderATP Defense Evasion Detected
  • LP_MicrosoftDefenderATP Malware Detected

Microsoft Defender ATP v5.1.0

Version: 5.1.0
Release date: 2022-06-07
Document date: 2022-06-07
SHA 256: 247e8a8426d5236287e6aac2d3d62637f8245871d8a96233b46bc5ca392864dc
Documentation: Microsoft Defender ATP guide
Download: MicrosoftDefenderATP_5.1.0.pak

Enhancements

Description | Issue ID | Reference ID
Microsoft Defender ATP now supports Microsoft Defender for Endpoint API | PLUG-8609 | 63280, 64539, 64578, 64672, 65030, 65143, 65567, 65610, 65922, 66265, 66481, 66658
The security components of Microsoft Defender ATP have been updated to support its latest upgrade. | KB-16846 | -

Support

If you have any questions or require assistance, create a support ticket.
