Forum Discussion
Azure Active Directory Identity Protection - QRadar Integration
Hi all
We would like to integrate our Azure Active Directory Identity Protection system with QRadar on Cloud, in order to forward alerts directly to the SIEM dashboard.
In the discussion opened in 2020, they say that we can do that with Graph API:
https://www.ibm.com/docs/en/qradar-on-cloud?topic=options-microsoft-graph-security-api-protocol-configuration
Is that possible even at the current versions of both AADI and QRadar?
- Hi, I would say that this is question more appropriately directed to IBM forums such as this one https://community.ibm.com/community/user/security/discussion/azure-identity-protection-events-to-qradar. I don't think this can be answered here.
- Thank you Peter,
I'll ask IBM team then.
If QRadar can receive events from the Microsoft Graph Security API,
all we need to do at MS side is the following right?
https://learn.microsoft.com/en-us/graph/api/resources/identityprotection-overview?view=graph-rest-beta
