Microsoft Graph Security API alert ingestion integration
-
- UpdatedAug 1, 2024
- 1 minute read
- Xanadu
- Security Incident Response integrations
Use the Microsoft Graph Security API integration to ingest alerts from Microsoft Graph security providers and automatically create security incidents.
Overview
The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface for connecting multiple security providers (Native to Microsoft as well as ServiceNow Partners).
The Microsoft Graph Security API integration addresses these issues by using the Microsoft Graph Security API to connect with different Microsoft security technologies like Azure Sentinel, Microsoft Defender Advanced Threat Protection, and Azure Advanced Threat Protection. Alerts from Microsoft Security providers are ingested and security incidents are automatically created in Security Incident Response.
Key features
- Discovery of Microsoft Graph Security API alerts that are candidates for security incidents and automate the creation of security incidents.
- Mapping of alert fields to security incident fields.
- Aggregation of similar alerts to existing open security incidents instead of creating duplicate security incidents.
- Preview alert field values and validate their mappings in the security incident.
- Automatic alert status update for security incident creation and closure.
- Set up scheduled ingestion of alerts to create security incidents periodically.