IBM QRadar

MS Graph Security API options

1. MS Graph Security API options

    Posted Tue May 23, 2023 01:24 PM

    Simple inquiry: I would like to pull all Microsoft 365 Defender alerts (a) or incidents (b) into Qradar through the Graph Security API.

    Challenge with (a):
    AAD Identity Protection alerts (Risky Login etc.) have to be pulled through a different API call than the other (Defender 365) alert services. See Use the Microsoft Graph identity protection APIs - Microsoft Graph v1.0.
    Namely GET ../identityProtection/riskDetections vs. the DSM default GET /security/alerts_v2.
    Is there any way to modify the Graph Security API implementation in Qradar to add such API call?

    Challenge with (b): 
    Similar to above, pulling incidents requires a different API call (see List incidents - Microsoft Graph v1.0 ).

    How did you achieve any of the above with Qradar?



    ------------------------------
    Another Engineer
    ------------------------------
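The three Graph calls the post contrasts (alerts_v2, identityProtection/riskDetections and security/incidents) differ in path, paging cursor and record shape, so a collector that feeds a SIEM has to page each one and flatten the results before forwarding. The following is an added example written for this thread, not the QRadar DSM's own code: `fetch` is an injected callable so the block runs offline on constructed responses (for a live tenant it would wrap an authenticated HTTP GET), and the sample records and field choices in `normalize` are assumptions.

```python
from typing import Callable, Dict, Iterator, List
GRAPH = "https://graph.microsoft.com/v1.0"
# One endpoint per source named in the post: alerts, risk detections, incidents.
ENDPOINTS = {
    "alert": f"{GRAPH}/security/alerts_v2",
    "riskDetection": f"{GRAPH}/identityProtection/riskDetections",
    "incident": f"{GRAPH}/security/incidents",
}

def page_through(fetch: Callable[[str], Dict], url: str) -> Iterator[Dict]:
    """Follow @odata.nextLink until Graph stops returning one."""
    while url:
        body = fetch(url)
        yield from body.get("value", [])
        url = body.get("@odata.nextLink")

def normalize(kind: str, item: Dict) -> Dict:
    """Flatten the three record shapes into one event a log pipeline can key on."""
    if kind == "riskDetection":
        return {"kind": kind, "id": item["id"], "time": item["detectedDateTime"],
                "severity": item.get("riskLevel"), "summary": item.get("riskEventType"),
                "user": item.get("userPrincipalName")}
    return {"kind": kind, "id": item["id"], "time": item["createdDateTime"],
            "severity": item.get("severity"),
            "summary": item.get("title") or item.get("displayName"), "user": None}

def collect(fetch: Callable[[str], Dict]) -> List[Dict]:
    """Pull every endpoint; against a live tenant, fetch would be something like
    lambda u: requests.get(u, headers={"Authorization": "Bearer <token>"}).json()."""
    return [normalize(k, i) for k, u in ENDPOINTS.items() for i in page_through(fetch, u)]

# Constructed responses standing in for a tenant (sample data, not real alerts).
FAKE = {
    ENDPOINTS["alert"]: {
        "value": [{"id": "a1", "title": "Suspicious PowerShell", "severity": "high",
                   "createdDateTime": "2023-05-23T13:00:00Z"}],
        "@odata.nextLink": ENDPOINTS["alert"] + "?$skiptoken=p2"},
    ENDPOINTS["alert"] + "?$skiptoken=p2": {
        "value": [{"id": "a2", "title": "Malware detected", "severity": "medium",
                   "createdDateTime": "2023-05-23T13:05:00Z"}]},
    ENDPOINTS["riskDetection"]: {
        "value": [{"id": "r1", "riskEventType": "unfamiliarFeatures", "riskLevel": "medium",
                   "detectedDateTime": "2023-05-23T12:50:00Z", "userPrincipalName": "user@example.com"}]},
    ENDPOINTS["incident"]: {
        "value": [{"id": "i1", "displayName": "Multi-stage incident", "severity": "high",
                   "createdDateTime": "2023-05-23T13:10:00Z"}]},
}
if __name__ == "__main__":
    for ev in collect(FAKE.__getitem__):
        print(ev)
```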