JDallman

Reputation: 11

Connecting alerts and SIEM with Microsoft Graph data

Is there any guidance for integrating my SIEM (security information and event management system) with Microsoft Graph to connect my security alerts with other Microsoft Graph entities?

Upvotes: 1

Views: 663

Answers (2)

Tam Huynh

Reputation: 177

I've published a cross-platform solution to GitHub (https://github.com/tamhinsf/AzureMonitor4Siem) that includes instructions and a script to automate the setup of the Azure Monitor -> Event Hub data pipeline, and a cross-platform .NET Core-based application that connects to Event Hub to download the Azure activities sent to it.

You can use it as a simple solution to perform a file-based integration with a SIEM of your choice.

Additionally, it's another path to validate Graph Security driven alerts into the Monitor -> Event Hub pipeline.

Upvotes: 0

Andre Teixeira

Reputation: 783

Microsoft Graph integration docs are located here. Currently there is no documentation out there about security or SIEMs, but I believe there will be something announced imminently.

Upvotes: 2
