The Defender (EP) messages in ConfigMgr should be accessible to a SIEM system
At the moment all the AV messages are in ConfigMgr, but if there is an outbreak there is only one way: via mail about alerting in CM, or we can configure status message rules to start something. Can we have an option to grab that info into a SIEM like Sentinel to get a faster response about an outbreak? We also need reporting (very slow) and other mechanisms in ConfigMgr that are very slow, but alerts in this case should be faster, like CMPivot automation to send some info directly to a SIEM system, to get more possibilities.
Thomas Kurth commented
Currently I had to solve it with a PowerShell script which pushed the messages to a SIEM and was started by a task scheduler every 5 min.
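The kind of scheduled forwarder the comment above describes, as an added example that is not the commenter's script or part of ConfigMgr itself: it reads recent Endpoint Protection detections from the SMS Provider and posts them to a Log Analytics workspace (Sentinel) through the HTTP Data Collector API. The site server, site code, workspace ID and key are placeholders; the `SMS_G_System_Threats` property names and the `Path`/`ActionSuccess` fields are assumed to match the site's inventory schema.

```powershell
# Added example, not the commenter's script. Run from a 5-minute scheduled task
# under an account that can read the SMS Provider. All values below are placeholders.
param(
    [string]$SiteServer  = 'CM01.CONTOSO.LOCAL',   # placeholder site server
    [string]$SiteCode    = 'P01',                  # placeholder site code
    [string]$WorkspaceId = '<workspace-id>',       # placeholder Log Analytics workspace ID
    [string]$SharedKey   = '<primary-key-base64>', # placeholder workspace primary key
    [int]$LookbackMinutes = 5                      # matches the 5-minute task interval
)

# 1. Pull Endpoint Protection detections newer than the last run.
#    Class and property names (DetectionTime, ThreatName, Path, ActionSuccess) are assumed.
$since   = (Get-Date).ToUniversalTime().AddMinutes(-$LookbackMinutes)
$threats = Get-CimInstance -ComputerName $SiteServer -Namespace "root\SMS\site_$SiteCode" `
               -ClassName 'SMS_G_System_Threats' |
           Where-Object { $_.DetectionTime -and $_.DetectionTime.ToUniversalTime() -ge $since }

$records = @($threats | ForEach-Object {
    [pscustomobject]@{
        TimeGenerated = $_.DetectionTime.ToUniversalTime().ToString('o')
        ResourceID    = $_.ResourceID
        ThreatName    = $_.ThreatName
        Path          = $_.Path
        ActionSuccess = [bool]$_.ActionSuccess
    }
})
if ($records.Count -eq 0) { return }   # nothing new in this window

# 2. Build the signed request for the HTTP Data Collector API.
#    Signature = Base64(HMAC-SHA256(key, "POST\n<len>\napplication/json\nx-ms-date:<date>\n/api/logs")).
$body    = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $records -Depth 3))
$rfcDate = [DateTime]::UtcNow.ToString('r')
$toSign  = "POST`n$($body.Length)`napplication/json`nx-ms-date:$rfcDate`n/api/logs"
$hmac    = New-Object System.Security.Cryptography.HMACSHA256
$hmac.Key = [Convert]::FromBase64String($SharedKey)
$signature = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($toSign)))

$headers = @{
    'Authorization'        = "SharedKey ${WorkspaceId}:$signature"
    'Log-Type'             = 'ConfigMgrEPThreat'   # lands as ConfigMgrEPThreat_CL in the workspace
    'x-ms-date'            = $rfcDate
    'time-generated-field' = 'TimeGenerated'       # use the detection time, not ingestion time
}

# 3. Ship the batch; a non-2xx response throws, so the task scheduler records the failure.
Invoke-RestMethod -Method Post -ContentType 'application/json' -Headers $headers -Body $body `
    -Uri "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
```

Once the custom table exists, a Sentinel analytics rule on `ConfigMgrEPThreat_CL` (for example, several distinct `ResourceID_d` values with the same `ThreatName_s` inside a short window) gives the outbreak alert the post is asking for, without waiting on ConfigMgr reporting.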