Get the User Risk Score




In order to perform some SOAR, I would like to know how I could get the data link from the UEBA.




For instance, how I can get:

  • User Threat: Investigation priority
  • User Threat: Identity risk level
  • User Threat: Lateral movement paths
  • User Threat: Alerts

Is it possible using one of Microsoft API? A Logic App Connector?


Kind Regards,



1 Reply



Hi Thomas, 


Are you trying to better understand how to configure each feature or how to send the information to SIEM?