microsoft 365 defender
3 Topics

Windows Defender ATP API - ingest all alert details into Splunk / Splunk Phantom
We are trying to ingest all the alert details into Splunk and Splunk Phantom, but we cannot get the last part that allows us to view all the information contained in the alert (see screenshot for reference). Any guidance on what API call(s) to use would be greatly appreciated.

API call we are using:
https://api-eu.securitycenter.windows.com/api/alerts/da637590078447561363_2087728736

See screenshot. Evidence includes:

Evidence Entry 1
"title": "Connection to a custom network indicator",
"description": "An endpoint has connected to a URL or domain in your list of custom indicators.",

Evidence Entry 2
"entityType": "Url",
"evidenceCreationTime": "2021-06-11T11:30:44.82Z",
"sha1": null,
....
"url": "https://testgvbgjbhjb.com/",

However, I cannot seem to figure out how to retrieve this entry via the API; we can only view it in the GUI:

Network Filter Lookup Service blocked chrome.exe from accessing https://testgvbgjbhjb.com

New blog post | Microsoft Defender for IoT moves to site-based licensing
On June 1, 2023, Microsoft Defender for IoT moved to site-based licensing for organizations looking to protect their operational technology (OT) environments. The previous Azure consumption model for this solution will no longer be available for purchase by new customers. Existing customers can choose to transition to site-based licensing or remain on the consumption model.

Microsoft Defender for IoT - New site-based licensing

Enterprise IoT Security now included in E5
To help organizations achieve a more holistic endpoint security strategy that traverses both IT and eIoT devices easily, we are thrilled to announce that the eIoT security capabilities of Microsoft Defender for IoT are now included with Microsoft 365 E5 and E5 Security plans at no additional cost for new and existing customers. For more details, please visit: Enterprise IoT security now included with Microsoft 365 E5 blog post.

This enhancement empowers security teams to:
- Eliminate critical blind spots by discovering unmanaged enterprise IoT devices.
- Identify anomalies across the enterprise IoT device estate with continuous monitoring.
- Harden posture across enterprise IoT with vulnerability assessments and actionable guidance to help remediate at-risk devices.

What's Changing?
Defender for IoT's EIoT is transitioning from a consumption-based payment model in the Azure portal to a per-device, per-month licensing model as an integral part of Microsoft 365. It is now accessible to both new and existing customers of Microsoft 365 E5 and E5 Security. The new license includes coverage for up to five enterprise IoT devices per eligible user license at no additional cost.

Learn more:
- Get started with enterprise IoT monitoring in Microsoft 365 Defender
- Start securing IoT devices in the enterprise
- Read the enterprise IoT security FAQ
- Microsoft Defender for IoT Plans and Pricing | Microsoft Security web page