Most modern organizations rely on a plethora of security solutions to execute a defense-in-depth strategy. While these solutions are needed to cover all the gaps, they can add a lot of complexity via point integrations. The Microsoft Graph Security API offers simple ways to integrate with Microsoft and partner security products through a single interface and a unified schema. The Microsoft Graph Security API team has done extensive research on how our customers have leveraged the API. We’ve compiled a whitepaper to share this knowledge with you, along with tips and tricks to enable quick integrations.
If you are an architect, developer, or scripter and want to integrate your company’s products or services with the API, develop applications to support security management and monitoring services, help your customers integrate their security tools and workflows, build custom security apps, integrate workflows, or develop security analytics, this whitepaper is for you. It highlights seven ways to use the API to reap as much benefit as possible from it. Some highlights the whitepaper covers include:
Automate the creation of security incidents: Receive, assign, and update a single list of alerts from all your security vendors integrated with the API. Any updates you make will be reflected in your API-integrated ticketing system, eliminating the need to go back and update them in multiple places.
Automate your response workflows: Correlate any alert you receive with other alerts from Microsoft Graph Security API providers to enrich and automate responses.
Respond more intelligently to threats: When you receive an alert about a user, you can use the API, mashed up with other Microsoft Graph entities, to query all integrated providers about this user, the devices registered to them, and the security groups of which they are a member. This empowers your analyst to respond to threats equipped with all relevant information.