Get the User Risk Score


Hello,

 

In order to perform some SOAR, I would like to know how I could get the data link from the UEBA.

 

For instance, how can I get:

  • User Threat: Investigation priority
  • User Threat: Identity risk level
  • User Threat: Lateral movement paths
  • User Threat: Alerts

Is it possible using one of the Microsoft APIs? A Logic App Connector?

 

Kind Regards,

 

Thomas

1 Reply

@thomasdefise 

 

Hi Thomas, 

 

Are you trying to better understand how to configure each feature or how to send the information to SIEM?