New partnerships with innovative leaders help you fight advanced threats!

Published Jun 16 2020 07:12 AM

Designed to deliver best-of-breed security, Microsoft Defender Advanced Threat Protection (ATP) has crafted a highly extensible platform with a vast set of APIs that allows both customers and partners to extend the power of their combined solutions.

We’re thrilled to announce our latest integrations with Splunk Enterprise and ServiceNow Security Operations, aimed at optimizing your existing processes and workflows and making the most of your overworked security staff!

In this blog we’ll cover our latest partner integrations. In addition to these new partners, the latest applications to be featured in the Microsoft Defender ATP partner application catalogue improve threat protection against sophisticated attacks while addressing new use cases. The catalogue now includes new partners for network threat detection and response, network modeling and risk prioritization, continuous security validation, advanced forensics collection, and healthcare visibility and security.

We encourage you to explore the new Microsoft Defender ATP partner application catalogue, which is part of the broader Microsoft Intelligent Security Association (MISA). Outlined below are the specifics of these integrations:

Splunk Enterprise | Security information and event management

Splunk is a market leader in machine data analytics, used to investigate, monitor, analyze, and act on data at any scale. Splunk recently partnered with Microsoft Defender ATP to develop a new add-on that allows our joint customers to easily ingest security alerts into Splunk Enterprise. Security alerts and related evidence ingested through this add-on are mapped to the Splunk Common Information Model (CIM), which allows you to integrate the alerts into your existing processes and dashboards without writing custom field extractions.


Splunk apps and add-ons extend Splunk’s user interface to include information and capabilities from Microsoft Defender ATP. This enables security teams to work through a single streamlined solution that incorporates data from multiple sources to provide comprehensive visualizations and insights into your overall security posture. Follow the setup and configuration steps in the 'Details' tab of the Microsoft Defender ATP add-on for Splunk.

In addition, another popular add-on developed by our community members enables you to onboard telemetry via the Microsoft Defender ATP advanced hunting API for further correlation in Splunk. Learn more about the technology add-on (TA) for the Microsoft Defender ATP hunting API.
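To make concrete what a collector built on the advanced hunting API does, here is an added example (written for this post; it is not the community TA’s code nor Microsoft’s). It builds the authenticated POST to the hunting endpoint, and reshapes the `{"Schema", "Results"}` response into Splunk HTTP Event Collector (HEC) events with `_time` taken from the `Timestamp` column. The endpoint URL, request body and response shape follow the public Defender ATP API documentation; the KQL query, the `mdatp:hunting` sourcetype name and `SAMPLE_RESPONSE` are constructed for illustration, so the demo runs offline.

```python
"""Defender ATP advanced hunting API -> Splunk HEC events (added example).

Assumptions: endpoint, {"Query": ...} body and {"Schema","Results"} response
shape are from the public Defender ATP API docs; the sourcetype name, KQL
query and SAMPLE_RESPONSE below are constructed for this example.
"""
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List

HUNTING_URL = "https://api.securitycenter.microsoft.com/api/advancedhunting/run"
SOURCETYPE = "mdatp:hunting"  # constructed name for this example

# Constructed KQL: PowerShell process starts in the last hour.
QUERY = """
DeviceProcessEvents
| where Timestamp > ago(1h)
| where FileName =~ "powershell.exe"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine
""".strip()

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})?$")


def build_hunting_request(token: str, query: str) -> urllib.request.Request:
    """POST {"Query": "<KQL>"} with a bearer token from an Azure AD app that
    holds the AdvancedQuery.Read.All application permission."""
    body = json.dumps({"Query": query}).encode("utf-8")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json",
               "Accept": "application/json"}
    return urllib.request.Request(HUNTING_URL, data=body, method="POST", headers=headers)


def run_hunting_query(token: str, query: str) -> Dict[str, Any]:
    """Live call against the API; not used by the offline demo below."""
    with urllib.request.urlopen(build_hunting_request(token, query), timeout=60) as resp:
        return json.load(resp)


def iso_to_epoch(ts: str) -> float:
    """API timestamps look like 2020-06-10T12:34:56.1234567Z: seven fractional
    digits and a trailing Z, which datetime.fromisoformat rejects on older
    Pythons, so parse the pieces explicitly and truncate to microseconds."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"unrecognised timestamp: {ts!r}")
    base, frac, tz = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    dt = dt.replace(microsecond=int((frac or "0")[:6].ljust(6, "0")))
    if tz in (None, "Z"):
        tzinfo = timezone.utc
    else:
        sign = 1 if tz[0] == "+" else -1
        tzinfo = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6])))
    return dt.replace(tzinfo=tzinfo).timestamp()


def to_hec_events(response: Dict[str, Any], host: str = "mdatp-hunting") -> List[Dict[str, Any]]:
    """One HEC event per result row. Schema lists every projected column; rows
    omit null columns, so fill them so field extraction downstream is stable."""
    columns = [c["Name"] for c in response.get("Schema", [])]
    events = []
    for row in response.get("Results", []):
        record = {name: row.get(name) for name in columns}
        record.update({k: v for k, v in row.items() if k not in record})
        event = {"sourcetype": SOURCETYPE, "host": host, "source": HUNTING_URL, "event": record}
        if record.get("Timestamp"):
            event["time"] = iso_to_epoch(record["Timestamp"])  # HEC epoch seconds
        events.append(event)
    return events


def to_hec_payload(events: List[Dict[str, Any]]) -> bytes:
    """HEC accepts concatenated JSON objects; newline-delimited is the usual form."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events).encode("utf-8")


# Constructed sample, shaped like the real API's {"Schema","Results"} response.
SAMPLE_RESPONSE = {
    "Schema": [{"Name": "Timestamp", "Type": "DateTime"},
               {"Name": "DeviceName", "Type": "String"},
               {"Name": "AccountName", "Type": "String"},
               {"Name": "ProcessCommandLine", "Type": "String"}],
    "Results": [
        {"Timestamp": "2020-06-10T12:34:56.1234567Z", "DeviceName": "ws01.corp.example",
         "AccountName": "jdoe", "ProcessCommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
        # AccountName omitted: the API drops null columns from a row.
        {"Timestamp": "2020-06-10T12:40:00Z", "DeviceName": "ws02.corp.example",
         "ProcessCommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    ],
}


def demo() -> List[Dict[str, Any]]:
    return to_hec_events(SAMPLE_RESPONSE)


if __name__ == "__main__":
    print(to_hec_payload(demo()).decode())
```

The `time` field lets Splunk index each row at the event’s own timestamp rather than at collection time, which matters when the query runs on a schedule and pulls an hour of history per run; a production collector would also keep a checkpoint of the last `Timestamp` seen to avoid duplicate events.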

ServiceNow Security Operations | Orchestration and Automation

Security teams today are inundated with alerts and information from siloed point solutions that aren’t connected with each other. Furthermore, manual processes and cross-team handoffs hinder the security team’s ability to efficiently respond to attacks.


To help solve this challenge, ServiceNow® and Microsoft have developed a connection to multiple Microsoft security technologies, including Microsoft Defender ATP, via the Microsoft Graph Security API. This enables customers to bring rich insights into the ServiceNow Security Operations solution and to manage and respond to security alerts centrally from within the Now Platform. We invite you to try out the Microsoft Graph Security API alert ingestion integration for Security Operations.


Vectra | Network Threat Detection and Response

Vectra® is an artificial intelligence company transforming cybersecurity. Vectra’s Cognito platform provides native integration with Microsoft Defender ATP, combining the bird’s-eye view of network detection and response (NDR, from Vectra) with the surgical precision of endpoint detection and response (EDR, from Microsoft Defender ATP). This integration includes:

  • Streamlined threat investigation with contextual host information from Microsoft Defender ATP leveraged and displayed by Vectra’s Cognito platform
  • Automated remediation by isolation of hosts upon specific detections
  • One-click pivot from Vectra’s Cognito platform to Microsoft Defender ATP for investigating and isolating suspicious hosts and pausing attack progression.

Learn more about the integration and watch this Vectra - Microsoft Defender ATP Demo for details.


CyberMDX | Visibility and Security for Connected Healthcare Assets

CyberMDX, a leading healthcare cybersecurity provider delivering visibility, threat prevention, and operational efficiency for medical devices, IoT, and clinical networks, has recently integrated with Microsoft Defender ATP. Coupling CyberMDX asset insight and detection capabilities with the Microsoft Defender ATP view of managed networks, healthcare organizations are equipped with unmatched cross-platform and device visibility, classification, and incident response capabilities. Microsoft enterprise customers using Microsoft Defender ATP will benefit from rich network security and device function context provided by CyberMDX and streamlined into Microsoft Defender ATP’s incident response, investigation, and hunting workflows. Learn more about the integration here.

Cymulate | Continuous security validation

Cymulate is a SaaS-based platform that lets security teams validate the effectiveness of their security controls and optimize the efficiency of their security operations. By running customized and out-of-the-box attack scenarios, SOC teams can simulate adversaries using the latest threats and attack techniques to discover security gaps and remediate them. The integration with Microsoft Defender ATP correlates EDR findings with the simulated attacks to confirm that each one was detected and that the response actions were effective. The integration also spans threat and vulnerability management, adding attack context to vulnerable assets and their business criticality in order to prioritize remediation. Learn more about the integration here.

Skybox | Network Modeling and Risk Prioritization

Skybox® Security, a global leader in cybersecurity management, recently announced its partnership with Microsoft Defender ATP. This partnership strengthens Skybox’s vulnerability detection capabilities by including critical data from Microsoft Defender ATP threat and vulnerability management, and thereby extends Skybox’s vulnerability management to enterprises that continue to deploy workloads across hybrid and cloud network environments. Learn more about the integration and watch this video for details.


THOR | Forensics collection

THOR Scanner extends Microsoft Defender ATP’s real-time monitoring with intensive local scans that allow a full on-demand compromise assessment. THOR is a forensic scanner that integrates with Microsoft Defender ATP to scan the local filesystem, registry, logs and other elements for traces of hacking activity, using 10,000 hand-written YARA rules and thousands of filename, C2, hash, mutex and named-pipe IOCs. This live forensic scan reduces the work of your forensic analysts to a minimum and generates results quickly so you can react in a timely manner. Learn more about the integration.



What else?

Microsoft Defender ATP offers partners the opportunity to extend their existing security offerings on top of an open framework and a rich, complete set of APIs, allowing them to build extensions and integrations to our endpoint security platform.

Security vendors interested in connecting to Microsoft Defender ATP can use the step-by-step guide on becoming a Microsoft Defender ATP partner to get started on developing an integration.

Last update: Jun 17 2020 03:35 PM