Apr 01 2021
Apr 02 2021
We are currently evaluating MCAS and I am having a bit of a hard time figuring out which of the Logs Ingestion options makes sense.
According to the official documentation, either integration with MDE (Defender for Endpoint) or the Log Collector can be used to continuously upload network logs.
So my question is: if we already have MDE in our organization, do we still need Log Collector data, or would it just provide duplicate information?
Thanks in advance,