Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure Active Directory Identity Protection - QRadar Integration

Copper Contributor

Hi all
We would like to integrate our Azure Active Directory Identity Protection system with QRadar on Cloud, in order to forward alerts directly to the SIEM dashboard.
In the discussion opened in 2020, they say that we can do that with Graph API:
https://www.ibm.com/docs/en/qradar-on-cloud?topic=options-microsoft-graph-security-api-protocol-conf...
Is that possible even at the current versions of both AADI and QRadar?

2 Replies
Hi, I would say that this is question more appropriately directed to IBM forums such as this one https://community.ibm.com/community/user/security/discussion/azure-identity-protection-events-to-qra.... I don't think this can be answered here.
Thank you Peter,
I'll ask IBM team then.
If QRadar can receive events from the Microsoft Graph Security API,
all we need to do at MS side is the following right?
https://learn.microsoft.com/en-us/graph/api/resources/identityprotection-overview?view=graph-rest-be...