Forum Discussion
FrankM670
Sep 26, 2019 Copper Contributor
Azure ATP alerts from MCAS and Graph
Hi, for my current customer we are trying to integrate O365 ATP and Azure ATP alerts into their current SIEM. We have enabled the MCAS integration for Azure ATP. This enables us to get the security ...
FrankM670
Sep 30, 2019 Copper Contributor
Thanks for that! Is there a list of those IDs that we can map back to an Alert, like there is for the externalID in the syslog messages? I assume it is still not advised to filter on descriptions, as these might be updated.
Thanks.
Segun160
Feb 17, 2020 Copper Contributor
FrankM670 Did you manage to solve this? Can you please help with how you did?
- Astrid McClean Feb 18, 2020 Former Employee
All the unique ids have now been documented here: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/suspicious-activity-guide?tabs=external#security-alert-name-mapping-and-unique-external-ids
See the Cloud App Security IDs tab for the names you see via MCAS and the Graph API.