Forum Discussion
carlochello
Mar 20, 2020 · Copper Contributor
Azure Active Directory Identity Protection SIEM integration
Hi all. We would like to integrate our AADIP system with the QRadar platform, in order to forward alerts directly to the SIEM dashboard. To do this we would like to use the DSM connector available in the...
CVarl
Jul 23, 2020 · Copper Contributor
You might want to try QRadar's integration with the Graph API:
https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_logsource_Microsoft_Graph_Security_protocol.html
The benefit is QRadar will then receive events and alerts from all your Microsoft security tooling, and through the single Graph API endpoint. If you're using more than AADIP this has to be a good thing.
The potential downside is it will be necessary to write the parsing rules in QRadar, as this is something IBM haven't provided yet.
I am setting this up in our environment and will let you know how we get on if you're interested.