IBM and Microsoft have formed a strategic alliance to help organizations achieve holistic enterprise-wide threat management. As a result, IBM Security and Microsoft are continuously delivering new joint functionality to help our mutual customers secure their environments.
Currently, IBM Security QRadar supports nearly twenty Microsoft products, with more to come this year, unlocking a range of threat management use cases. The Microsoft products we support include:
- Microsoft 365 Defender
The IBM QRadar Microsoft 365 Defender® DSM collects events from a Microsoft 365 Defender service by using the Microsoft Azure Event Hubs protocol to collect Streaming API data. You can use the Defender for Endpoint SIEM REST API protocol to collect alerts and device events from a Microsoft 365 Defender service.
- Microsoft Azure Active Directory
The IBM QRadar DSM for Microsoft Azure Active Directory Audit logs collects events such as user creation, role assignment, and group assignment events. The Microsoft Azure Active Directory Sign-in logs collect user sign-in activity events.
- Microsoft Azure Platform
The IBM QRadar DSM for Microsoft Azure Platform parses events from the Microsoft Azure Activity log.
- Microsoft Defender for Cloud
The IBM QRadar DSM for Microsoft Defender for Cloud collects JSON events from Microsoft Defender for Cloud. Events can be collected by using the Microsoft Graph Security API protocol and the Microsoft Azure Event Hubs protocol.
- Microsoft Endpoint Protection
The Microsoft Endpoint Protection DSM for IBM QRadar collects malware detection events.
- Microsoft Office 365
The IBM QRadar DSM for Microsoft Office 365 collects events from Microsoft Office 365 online services.
- Microsoft Windows Security Event Log
The IBM QRadar DSM for Microsoft Windows Security Event Log accepts syslog events from Microsoft Windows systems. All events, including Sysmon and winlogbeats.json, are supported.
Our teams help address a variety of crucial security use cases with our technology integrations, and we invite you to explore them all in the IBM Security Device Support Module (DSM) Guide.
IBM Security also offers a number of applications for Microsoft on IBM App Exchange, such as IBM Security QRadar custom properties for Office 365, or Microsoft Azure Defender for IBM Security SOAR.
And if you didn't find a certain functionality in that list, please share your feedback by submitting a new feature request via the IBM Security Ideas Portal.
We are dedicated to the success of our clients by combining the best of our products and services. We create and jointly go to market with innovative solutions where we serve our clients better as a team than when we operate alone. Because security is a team sport.