Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

About the Device

The Microsoft Graph Security API provides a unified interface and schema to integrate with security solutions from Microsoft and ecosystem partners. This empowers customers to streamline security operations and better defend against increasing cyber threats.

Device Information

 Entity

Particulars

Vendor Name

Microsoft

Product Name

Graph

Type of Device

Cloud

Collection Method

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log Collection Method

Data Source

 Microsoft Graph API Alerts

MICROSOFT_GRAPH_ALERT

JSON

C2C

https://cloud.google.com/chronicle/docs/reference/feed-management-api#microsoft-graph-alert

Device configuration

  1. Sign in to Azure portal

  2. Navigate to Microsoft Entra ID

image-20240327-073927.png
  1. Click App registrations

image-20240327-074127.png

4.Click New registration. Create an application as shown below

image-20240327-074658-20240327-102322.png

5.Copy Client ID and Tenant ID, these will be required for integration.

image2020-8-19_11-53-38-20240327-102327.png

6.Click API permissions

image2020-8-19_12-2-47-20240327-022848.png

7.Click Add a permission and then select Microsoft Graph

image2020-8-19_12-3-48-20240327-022934.png

8.Click Application permissions

image-20240327-080902.png
  1. Please grant SecurityAlert.Read.All permission.

  2. On the next screen, click Grant Admin consent for Default Directory

image2020-8-19_12-20-49-20240327-023010.pngimage2020-8-19_12-24-15-20240327-023044.png
  1. Click on Certificates & secrets

image2020-8-19_12-25-41-20240327-023108.png
  1. Click on New Client secret, Create a new key as shown below

image2020-8-19_12-26-57-20240327-023148.png
  1. Copy the Secret Value displayed, this will be required for integration.

image2020-8-19_12-28-56-20240327-023252.png

Secret Value will be displayed only once, so make sure to copy it first before leaving this page.

Integration Parameters

Parameters required from customer for Integration.

Property

Default Value

Description

OAUTH CLIENT ID

N/A

Specify the client ID of the Entra ID application to use for the integration.

OAUTH CLIENT SECRET

N/A

Specify the client secret value (not the secret ID!) of the Entra ID app
to use for the integration.

TENANT ID

N/A

Specify the Entra ID (tenant ID).
To find it, go to the Entra ID page > App Registration >
Application you configured for your integration >
Directory (tenant) ID.

API FULL PATH

graph.microsoft.com/beta/security/alerts_v2

API full path

API AUTHENTICATION ENDPOINT

login.microsoftonline.com

 The Microsoft Active Directory authentication endpoint.
Example: https://login.microsoftonline.com/{tenantId}/oauth2/token
Mention the TenantID in the above URL and provide it.

ASSET NAMESPACE

N/A

 To assign an asset namespace to all events that are ingested from a particular feed, set the "namespace" field within details. The namespace field is a string.

  • No labels