User Profile
Preeti_Krishna
Joined 8 years ago
Recent Discussions
Re: Log analytics workspace for Azure 800-171 Initiative
Dean_Gross Are you trying to install the solution NIST SP 800-53 from the Sentinel Content hub? While installing a solution (after you select "Create") you need to specify a workspace for the deployment to proceed, and that workspace needs to have Sentinel enabled. Please let me know if this is the scenario you are looking for, or please share the solution information or content information and the steps that you are following. Thanks. FYI TJBanasik
1.3K views, 0 likes, 1 comment

Re: Connect to the Microsoft Graph Security API without writing code!
PrashTechTalk and krisrajz - The Microsoft Graph Security API enables managing curated security data like alerts in a unified format across different security providers. Raw data like events and logs are hard to unify across different products and are verbose too. These codeless mechanisms enable getting alerts across multiple security products in a unified JSON (schema) format, enabling one to correlate alerts with a common set of information and investigate before pulling in raw logs as needed by tapping into the direct product-specific APIs.
2K views, 0 likes, 0 comments

Re: Alert Status column not updating properly for "Resolved" MCAS or IPC alerts
Chris Stelzer - The 'patch' capability for many providers shows supported because you can update alerts and get them in the same updated state across all applications integrated with the Microsoft Graph Security API. IPC has a report which is an aggregation of the detections/events structure as described in the IPC documentation. The report, for example 'risky users', has a state, while the detections or risky events themselves do not have any state in IPC. The risky events are what is available in the Microsoft Graph Security API as alerts. Hence the alert patch scenario for IPC is at parity with what the IPC provider portal supports for detections. MCAS - We are working with the provider to enable support for this - no ETA to share though.
2.7K views, 0 likes, 2 comments

Re: Mailflow alerts available in Graph API ?
Tore Melberg - These are mail flow insights, not alerts. Security alerts from different security products like Office 365 Advanced Threat Protection, Microsoft Defender ATP, Azure Security Center, etc. are available via the Microsoft Graph Security API. Check out the complete list of Microsoft Graph Security providers, with links to the specific provider security alerts available for access, in the documentation.
2.4K views, 0 likes, 0 comments

Re: Windows Defender ATP API vs Security Graph API
The Microsoft Graph Security API enables you to access different entities like alerts, tiIndicators, etc. across multiple security products, including Windows Defender ATP, using a single programmatic interface and unified schema. Considering integrations with multiple products, the goal is to surface entities and information that apply to most of the products so that we can provide enriched correlation capabilities across these different products. Nuanced features like detailed logs, which are product specific, can be accessed directly by querying the product. Scenario-based guidance on these is detailed in the building connected security solutions developer guide @ https://aka.ms/securitydevwhitepaper
5.3K views, 2 likes, 0 comments

Re: Utilizing Graph API to do Planner/Groups stuff without being in Group
This techcommunity forum handles responses to Microsoft Graph Security API related questions. For questions related to other Graph workloads like Planner / Groups, please submit the question on Stack Overflow and tag it with Microsoft-Graph. Thanks!
2.6K views, 0 likes, 0 comments

Re: Alert Status column not updating properly for "Resolved" MCAS or IPC alerts
Chris Stelzer zchoate_ksmc Microsoft Graph Security API alert patch support for security products is listed @ https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#alerts The 'patch' capability for many providers shows supported - you can update alerts and get them in the same updated state across multiple applications integrated with the Microsoft Graph Security API. Currently the provider / security product portal is not integrated to consume the data from the Microsoft Graph Security API. This needs to be implemented on the respective security product portal side. We are working with the security providers to get this implemented consistently. https://security.microsoft.com/alerts is not integrated to get and update alerts from the Microsoft Graph Security API.
2.7K views, 0 likes, 4 comments

Re: Topic search not working in People API
This techcommunity forum handles responses to Microsoft Graph Security API related questions. For questions related to other Graph workloads like the People API, please submit the question on Stack Overflow and tag it with Microsoft-Graph. Thanks!
1.4K views, 0 likes, 0 comments

Re: How to get SharePoint online list item attachments links using Graph API
Sorry to hear about this. This techcommunity forum handles responses to Microsoft Graph Security API related questions. For questions related to other Graph workloads like SharePoint, please submit the question on Stack Overflow and tag it with Microsoft-Graph. Thanks!
3.4K views, 0 likes, 0 comments

Re: Security Graph API beta securityAction
The Microsoft Graph Security API securityAction enables you to programmatically take action to respond to immediate threats. These actions are provider / vendor specific. Currently the blockIP action on Microsoft Defender ATP is supported by the API. The securityAction API is free, and if you have Microsoft Defender ATP running in your Azure AD tenant you can use the API to proactively respond to threats by taking actions.
1.1K views, 0 likes, 0 comments

Re: Using Microsoft REST API to create/update security groups
This techcommunity forum handles responses to Microsoft Graph Security API related questions. For questions related to other Graph workloads like users and groups, please submit the question on Stack Overflow and tag it with Microsoft-Graph. Thanks!
1.2K views, 0 likes, 0 comments

Re: Input Sources Supported by Microsoft Graph Security API
Basically the Microsoft Graph Security API is a REST API that federates requests to different security products running in your tenant, aggregates the responses, and returns the output in JSON format that can then be sent to Kusto. The value here is aggregating data from multiple disparate security products and providing results in a unified schema. Basically you can send input (OData) queries to the API to talk to security products like Azure Security Center, Microsoft Defender ATP, Office 365 ATP, etc. Details are here, which provides an overview of the API followed by the alerts schema. The API connects with alert sources (security products) and not databases like Kusto.
1.2K views, 0 likes, 0 comments

Use the new NextJS sample to integrate with Microsoft Graph Security
We are happy to announce a new NextJS sample, contributed by Olli Vanhoja, Head of Security - ZEIT. Olli is also a member of the judging panel for the ongoing Microsoft Graph Security Hackathon. The NextJS sample is a new addition to the existing set of Microsoft Graph Security samples. Use this sample to build your own integrations with Microsoft Graph Security. This sample uses the Microsoft Graph Security JavaScript SDK to create a serverless Next.js application. The application authenticates with Microsoft Azure Active Directory (AAD) and retrieves security alerts using the Microsoft Graph Security API. This sample is built around the ZEIT Now deployment model, as it utilizes Now builders and deployment routes, but it is portable to any serverless environment. Try the Microsoft Graph Security samples and please share your feedback by filing a GitHub issue or by engaging on the Microsoft Graph Security API tech community or StackOverflow.
8.8K views, 0 likes, 0 comments

Connect to the Microsoft Graph Security API without writing code!
We are happy to share two new options to connect with the Microsoft Graph Security API without having to write any code.
Microsoft Graph Security connectors for Azure Logic Apps, Microsoft Flow, and PowerApps, which greatly simplify the development of automated security workflows.
Microsoft Graph Security Power BI connector, which enables rapid development of enterprise-wide security reports to gain rich security insights.
Try the Microsoft Graph Security connectors and please share your feedback by filing a GitHub issue or by engaging on the Microsoft Security Graph API tech community or StackOverflow.
2.7K views, 2 likes, 3 comments

Re: Retrieving Office 365 alerts
Hi Martijn, We are working on onboarding Office 365 alerts to be accessible via the Microsoft Graph Security API. The Office 365 announcement in the documentation is suffixed with "coming soon". Unfortunately we don't have a way to test this, and we are targeting making this available in the next couple of months. Thanks, Preeti
1.7K views, 1 like, 0 comments

Re: Update ISG alerts
Hi Jeroen, Sorry to hear about the problems you are running into. It seems you are trying to find the alert status and update that. This is available via the status property in the alert schema – details with enum values (newAlert, inProgress, resolved, etc.) are documented @ https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/alert . You can get different status values, and we plan to enable the update / PATCH scenario this Fall. We do not recommend using tags for status updates of alerts. Moreover, tags are an array, hence the filter query syntax "$filter=tag" needs to be corrected to cater to OData support for filtering array types. Thanks for sharing the error message you are seeing (upon executing the HTTP request) – The error message expected here is a 400 / bad request for unsupported behavior. We are fixing this error message to return a 400 and this should be there in the next day or so. Thanks for your feedback. Preeti
998 views, 0 likes, 1 comment
Recent Blog Articles
[What’s New] Introducing Standalone and OOTB content management at-scale actions
Check out new OOTB content management capabilities in Microsoft Sentinel content hub to discover, deploy and manage content from community, ecosystem partners and Microsoft Research + product teams c...
8.8K views, 3 likes, 0 comments

Azure Sentinel Solutions for Partners: Build Combined Value for a Wider Audience
Learn how to unlock the full potential of your investments in Azure Sentinel and deliver combined value to customers with Azure Sentinel Solutions. Also announcing 10+ new Solutions for cloud workloa...
4.7K views, 2 likes, 0 comments