Today we are announcing new capabilities in the Microsoft Graph Security API. Customers who integrate with the API can now share threat intelligence across additional Microsoft products and orchestrate automated security workflows more easily. We are also announcing a range of new out-of-the-box partner integrations that give customers more options for getting value from their existing security investments. Finally, we are announcing additional resources to help developers build solutions on the Microsoft Graph Security API.
Threat Intelligence
Customers can now send custom threat intelligence, or IoCs (Indicators of Compromise), to Microsoft Defender ATP through the Microsoft Graph Security API threat indicators entity, so that the product blocks or alerts on those threats. With this capability, a single integration can send threat indicators such as a malicious IP address, URL or file hash to multiple Microsoft security products, as follows:
You can use this capability in the following ways.
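As an added example (not code from the original post or from Microsoft), the following script builds a `tiIndicator` body for one observable, validates it locally, and POSTs it with a bearer token. The endpoint, field names (`action`, `targetProduct`, `threatType`, `tlpLevel`, `expirationDateTime`, `networkDestinationIPv4`, `url`, `domainName`, `fileHashType`/`fileHashValue`) and the `ThreatIndicators.ReadWrite.OwnedBy` permission follow the beta tiIndicator resource as the author of this example understands it; verify them against the current reference before use. The `send` parameter and the sample IoC values are assumptions introduced so the code runs offline.

```python
"""Build and submit a custom threat indicator (IoC) to the Microsoft Graph Security API.

Added example; field names follow the beta tiIndicator resource and should be
checked against current documentation.
"""
import ipaddress
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

TI_ENDPOINT = "https://graph.microsoft.com/beta/security/tiIndicators"

VALID_ACTIONS = {"alert", "block", "allow"}
VALID_TARGETS = {"Microsoft Defender ATP", "Azure Sentinel"}
VALID_TLP = {"white", "green", "amber", "red"}
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
# Never ship a block rule for internal address space by mistake.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "::1/128", "fc00::/7")]


def build_indicator(observable, action, target_product, threat_type,
                    description, tlp_level="amber", ttl_days=30, issued_at=None):
    """Return the JSON body for one indicator, validating inputs locally
    so a typo never reaches the API as a live block rule.

    observable is a one-key dict: {"ip": ...}, {"url": ...}, {"domain": ...}
    or {"sha256": ...} / {"sha1": ...} / {"md5": ...}.
    issued_at is an ISO-8601 UTC timestamp (YYYY-MM-DDTHH:MM:SSZ); defaults to now.
    """
    if action not in VALID_ACTIONS:
        raise ValueError("action must be one of %s" % sorted(VALID_ACTIONS))
    if target_product not in VALID_TARGETS:
        raise ValueError("unsupported targetProduct: %r" % target_product)
    if tlp_level not in VALID_TLP:
        raise ValueError("unsupported tlpLevel: %r" % tlp_level)
    if len(observable) != 1:
        raise ValueError("exactly one observable per indicator")

    now = (datetime.strptime(issued_at, "%Y-%m-%dT%H:%M:%SZ") if issued_at
           else datetime.now(timezone.utc))
    body = {
        "action": action,
        "targetProduct": target_product,
        "threatType": threat_type,      # e.g. C2, Malware, Phishing, WatchList
        "tlpLevel": tlp_level,
        "description": description,
        # Required: an indicator with no expiry never ages out of the product.
        "expirationDateTime": (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }

    kind, value = next(iter(observable.items()))
    if kind == "ip":
        addr = ipaddress.ip_address(value)          # raises ValueError on garbage
        if any(addr in net for net in INTERNAL_NETS if net.version == addr.version):
            raise ValueError("refusing to send an indicator for internal address space")
        body["networkDestinationIPv4" if addr.version == 4 else "networkDestinationIPv6"] = value
    elif kind == "url":
        if not re.match(r"^https?://\S+$", value):
            raise ValueError("url must be an absolute http(s) URL")
        body["url"] = value
    elif kind == "domain":
        if not re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", value):
            raise ValueError("domain does not look like a hostname")
        body["domainName"] = value.lower()
    elif kind in HASH_HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[kind], value):
            raise ValueError("%s must be %d hex characters" % (kind, HASH_HEX_LEN[kind]))
        body["fileHashType"] = kind
        body["fileHashValue"] = value.lower()
    else:
        raise ValueError("unknown observable kind: %r" % kind)
    return body


def submit_indicator(body, access_token, send=None):
    """POST the indicator. The app token needs ThreatIndicators.ReadWrite.OwnedBy.

    `send` is an injectable hook (assumption for this example) so the request
    can be inspected offline instead of hitting Graph.
    """
    req = urllib.request.Request(
        TI_ENDPOINT, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})
    if send is None:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode("utf-8"))
    return send(req)


if __name__ == "__main__":
    # Constructed sample: a C2 destination from a TEST-NET range, not a real IoC.
    ioc = build_indicator({"ip": "203.0.113.10"}, "block", "Microsoft Defender ATP",
                          "C2", "constructed sample: C2 beacon destination")
    print(json.dumps(ioc, indent=2))
```

Validation runs before the request is built because a `block` indicator takes effect in the target product immediately; rejecting malformed hashes and internal address space client-side is cheaper than cleaning up after a bad push.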
Security Operations and Automations
We have added features that let customers build the workflows and playbooks they need, without writing code, to speed up incident response. A new integration with ServiceNow lets customers benefit from the Microsoft Graph Security API by connecting different security products natively within their security operations solution.
ServiceNow has built an integration using the Microsoft Graph Security API, in which security alerts from multiple security products like Azure Sentinel, Microsoft Defender ATP, Azure Security Center and more will be ingested into ServiceNow Security Operations to automatically create security incidents. Read the ServiceNow – Microsoft Graph Security API integration blog post for further details and get started.
We have added trigger support to the Microsoft Graph Security API connectors for Azure Logic Apps and Microsoft Flow, so a playbook can now start as soon as a new alert is created. Combine the Microsoft Graph Security API connector with the hundreds of other available connectors to design workflows that speed up alert routing, triage, investigation and remediation.
To get started,
SIEM Connections
Splunk and RSA NetWitness customers can use the integrations available with the Microsoft Graph Security API to receive alerts from multiple security products in a unified format over a single connection, streamed into their SIEM (Security Information and Event Management) system.
RSA NetWitness has built a native integration that uses the Microsoft Graph Security API to stream alerts from Microsoft security products, including Microsoft Defender Advanced Threat Protection and Azure Advanced Threat Protection, into RSA NetWitness. Get started by following the steps outlined in the RSA NetWitness integrations documentation.
We recently released a new Splunk add-on that lets customers bring security alerts and insights from their Microsoft security products into Splunk. Get started by following the steps outlined in the blog post announcing the add-on.
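The trigger-based playbooks and the SIEM connectors above both rest on the same mechanism: the alerts entity exposes every provider's alerts in one schema, and a consumer polls it behind a watermark. The script below is an added example written for this page, not code from Microsoft, ServiceNow, Splunk or RSA: it builds the filtered alerts query, pages through a response, normalizes each alert into one record, routes it the way a playbook would, and builds the PATCH body that claims an alert. The endpoint, the `$filter`/`$orderby`/`$top` parameters, the alert fields and the rule that `vendorInformation` must accompany an update follow the v1.0 alert resource as understood by the author of this example; the sample page, provider strings, severity thresholds and routing labels are constructed for illustration.

```python
"""Poll Microsoft Graph Security alerts behind a watermark, normalize them into one
record shape, route them, and build the PATCH that claims an alert.

Added example for this page; not code from the original post or any vendor.
"""
import json
from urllib.parse import quote

ALERTS_ENDPOINT = "https://graph.microsoft.com/v1.0/security/alerts"
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}


def alerts_query_url(since_iso, min_severity="medium", page_size=50):
    """Build the URL for alerts created after the watermark, oldest first so the
    watermark advances monotonically even if a page is cut short."""
    wanted = [s for s, r in SEVERITY_RANK.items() if r >= SEVERITY_RANK[min_severity]]
    sev = " or ".join("severity eq '%s'" % s for s in sorted(wanted))
    flt = "createdDateTime gt %s and (%s)" % (since_iso, sev)
    return "%s?$filter=%s&$orderby=createdDateTime%%20asc&$top=%d" % (
        ALERTS_ENDPOINT, quote(flt, safe="':()"), page_size)


def parse_alert_page(page_json):
    """Split a response into its alerts and the @odata.nextLink used for paging."""
    page = json.loads(page_json) if isinstance(page_json, str) else page_json
    return page.get("value", []), page.get("@odata.nextLink")


def normalize(alert):
    """Flatten the provider-agnostic alert schema into one SIEM-friendly record."""
    vendor = alert.get("vendorInformation") or {}
    return {
        "id": alert["id"],
        "created": alert["createdDateTime"],
        "severity": alert.get("severity", "unknown"),
        "status": alert.get("status", "unknown"),
        "provider": vendor.get("provider"),
        "vendor": vendor.get("vendor"),
        "title": alert.get("title", ""),
        "category": alert.get("category"),
        "hosts": [h["fqdn"] for h in alert.get("hostStates", []) if h.get("fqdn")],
        "users": [u["userPrincipalName"] for u in alert.get("userStates", [])
                  if u.get("userPrincipalName")],
    }


def route(record):
    """Playbook branch (assumed policy): high severity pages on-call, the rest open a ticket."""
    return "page-oncall" if record["severity"] == "high" else "open-ticket"


def triage_page(page_json, seen_ids):
    """Process one page: drop ids already seen (polls overlap at the watermark),
    normalize, route, and return the new watermark plus the next page link."""
    alerts, next_link = parse_alert_page(page_json)
    actions, watermark = [], None
    for alert in alerts:
        if alert["id"] in seen_ids:
            continue
        seen_ids.add(alert["id"])
        record = normalize(alert)
        actions.append((route(record), record))
        if watermark is None or record["created"] > watermark:
            watermark = record["created"]
    return actions, watermark, next_link


def claim_alert_body(alert, assignee):
    """PATCH body that marks an alert in progress; the update must echo vendorInformation."""
    return {"status": "inProgress", "assignedTo": assignee,
            "vendorInformation": alert["vendorInformation"]}


# Constructed sample page (not captured from a tenant) with alerts from two providers.
SAMPLE_PAGE = json.dumps({
    "value": [
        {"id": "alert-0001", "title": "Suspicious PowerShell execution", "severity": "high",
         "status": "newAlert", "category": "Execution",
         "createdDateTime": "2019-11-04T09:15:00Z",
         "vendorInformation": {"provider": "Windows Defender ATP", "vendor": "Microsoft"},
         "hostStates": [{"fqdn": "ws-042.corp.example"}],
         "userStates": [{"userPrincipalName": "alice@corp.example"}]},
        {"id": "alert-0002", "title": "Sign-in from anonymous IP", "severity": "medium",
         "status": "newAlert", "category": "Identity",
         "createdDateTime": "2019-11-04T09:20:00Z",
         "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"},
         "userStates": [{"userPrincipalName": "bob@corp.example"}]},
    ],
    "@odata.nextLink": ALERTS_ENDPOINT + "?$skiptoken=constructed",
})

if __name__ == "__main__":
    print(alerts_query_url("2019-11-04T00:00:00Z"))
    actions, watermark, next_link = triage_page(SAMPLE_PAGE, set())
    for action, record in actions:
        print(action, record["provider"], record["severity"], record["hosts"], record["users"])
    print("watermark:", watermark, "next page:", next_link)
```

Two details matter in production: the `seen_ids` set (or a persisted equivalent) is what keeps a poll that uses `gt` on the watermark from double-creating incidents when two alerts share a timestamp, and the PATCH body must carry the alert's own `vendorInformation`, otherwise the update is rejected.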
Managed Security Services
Managed security service providers such as InSpark, Softeng and SWC continue to integrate with the Microsoft Graph Security API. Trustwave now uses the Microsoft Graph Security API to connect alerts across Microsoft security products, the wider security ecosystem and the Trustwave Fusion platform for improved threat detection, investigation and response. Refer to the Trustwave integrations document for details on getting started.
Get Started Now!
We continue to invest in helping developers build solutions on the Microsoft Graph Security API and in partnering with them to showcase those solutions. As always, please share your feedback by filing a GitHub issue.
If you are at Microsoft Ignite 2019, remember to check out the following Microsoft Graph Security API sessions to learn more about these announcements and chat with us.