Connecting alerts and SIEM with Microsoft Graph data


Is there any guidance for integrating my SIEM (security information and event management system) with Microsoft Graph to connect my security alerts with other Microsoft Graph entities?

2

There are 2 best solutions below

0

I've published a cross-platform solution to GitHub (https://github.com/tamhinsf/AzureMonitor4Siem) that includes instructions and a script to automate the setup of the Azure Monitor -> Event Hub data pipeline, and a cross-platform .NET Core-based application that connects to Event Hub to download the Azure activities sent to it.

You can use it as a simple solution to perform a file-based integration with a SIEM of your choice.

Additionally, it's another path to validate Graph Security driven alerts into the Monitor -> Event Hub pipeline.
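To illustrate the file-based hand-off described in the answer above, here is an added example (not part of the original answer and not code from the AzureMonitor4Siem repository). It splits one Event Hub message body, assumed to use Azure Monitor's `{"records": [...]}` streaming envelope, into one NDJSON line per event for a SIEM file collector; the function names, output file naming and sample records are constructed for illustration.

```python
import json
from pathlib import Path

# Top-level fields promoted for SIEM indexing (assumed subset of the activity log schema)
KEEP = ("time", "resourceId", "operationName", "category",
        "resultType", "callerIpAddress", "correlationId")

# Constructed sample: one Event Hub message body, including one malformed record
SAMPLE_BODY = json.dumps({"records": [
    {"time": "2018-05-01T23:59:58Z", "resourceId": "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/DEMO",
     "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE", "category": "Administrative",
     "resultType": "Success", "callerIpAddress": "203.0.113.10", "correlationId": "c-1"},
    {"time": "2018-05-02T00:00:03Z", "category": "Administrative", "resultType": "Failure",
     "operationName": "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "correlationId": "c-2"},
    "truncated-record",
]}).encode()

def flatten_batch(body):
    """Return (events, rejects) for one message body; never raises on bad input."""
    try:
        envelope = json.loads(body)
    except ValueError:  # also covers undecodable bytes
        return [], 1
    records = envelope.get("records") if isinstance(envelope, dict) else None
    if not isinstance(records, list):
        return [], 1
    events, rejects = [], 0
    for rec in records:
        if not isinstance(rec, dict) or not isinstance(rec.get("time"), str):
            rejects += 1  # count it so dropped records are visible to the operator
            continue
        event = {k: rec.get(k) for k in KEEP}
        event["raw"] = rec  # keep the untouched record for later investigation
        events.append(event)
    return events, rejects

def write_ndjson(events, out_dir):
    """Append each event to a per-UTC-day file; return the file names touched."""
    written = set()
    for ev in events:
        path = Path(out_dir) / f"azure-activity-{ev['time'][:10]}.ndjson"
        with path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(ev, sort_keys=True) + "\n")
        written.add(path.name)
    return sorted(written)
```

Tracking the reject count alongside the written events lets the collector alert when the pipeline starts delivering records it cannot parse.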

1

Microsoft Graph integration docs are located here. Currently there is no documentation out there about security or SIEMs, but I believe there will be something announced imminently.