Is there any guidance for integrating my SIEM (security information and event management system) with Microsoft Graph to connect my security alerts with other Microsoft Graph entities?
Viewed 534 times
1
Microsoft Graph integration docs are located here (http://graph.microsoft.com/docs). Nothing out there about security or SIEMs, but I believe there will be something announced imminently. – JDallman Apr 11 '18 at 17:41
2 Answers
2
Microsoft Graph integration docs are located here. Currently there is no documentation out there about security or SIEMs, but I believe there will be something announced imminently.

Andre Teixeira
The Graph Security API team released documentation on SIEM integration through Azure Monitor using an event hub (https://developer.microsoft.com/en-us/graph/docs/concepts/security_siemintegration). It walks through Splunk integration, but Azure Monitor supports other SIEMs as well, so the same event hub solution applies to all supported SIEMs (https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-event-hubs#what-can-i-do-with-the-monitoring-data-being-sent-to-my-event-hub). – JDallman May 17 '18 at 15:37
0
I've published a cross-platform solution on GitHub (https://github.com/tamhinsf/AzureMonitor4Siem) that includes instructions and a script to automate the setup of the Azure Monitor -> Event Hub data pipeline, and a cross-platform .NET Core-based application that connects to Event Hub to download the Azure activities sent to it.
You can use it as a simple solution to perform a file-based integration with a SIEM of your choice.
Additionally, it's another path to validate Graph Security driven alerts into the Monitor -> Event Hub pipeline.

Tam Huynh
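The file-based hand-off described in the answer above, as an added example that is not code from the original post or from the AzureMonitor4Siem repository: it takes one Event Hub message body as Azure Monitor delivers it, pulls the Graph Security alerts out of it, and appends one CEF line per alert to a file that any SIEM can tail. It assumes the Azure Monitor envelope `{"records": [{"properties": {...}}]}`, the Graph Security alert field names (`id`, `title`, `severity`, `category`, `vendorInformation`, `userStates`, `hostStates`), and a severity-to-CEF mapping of my own choosing; the sample message and all its values are constructed for the example.

```python
"""Graph Security alerts from an Azure Monitor -> Event Hub message to CEF lines.

Added example, not the AzureMonitor4Siem project's code. Assumed: Azure Monitor wraps
each batch as {"records": [{"properties": <alert>}, ...]} and the alert uses the Graph
Security alert resource field names. Sample values below are constructed.
"""
import json

# Constructed sample Event Hub message body (all values are made up).
SAMPLE_MESSAGE = json.dumps({
    "records": [
        {
            "time": "2018-05-17T15:37:00Z",
            "properties": {
                "id": "2518283226687431391_eb0a1c74-9fe3-4a6d-8c9b-1234567890ab",
                "title": "Suspicious process | launched",
                "description": "cmd.exe spawned from an Office process",
                "severity": "high",
                "category": "SuspiciousProcess",
                "createdDateTime": "2018-05-17T15:36:21Z",
                "vendorInformation": {"provider": "Windows Defender ATP", "vendor": "Microsoft"},
                "userStates": [{"userPrincipalName": "alice@contoso.com", "logonIp": "10.0.0.4"}],
                "hostStates": [{"fqdn": "wks01.contoso.com", "privateIpAddress": "10.0.0.4"}],
            },
        },
        {
            "time": "2018-05-17T15:38:00Z",
            "properties": {
                "id": "a1b2c3d4",
                "title": "Impossible travel",
                "severity": "medium",
                "category": "AnomalousSignIn",
                "vendorInformation": {"provider": "Azure AD Identity Protection", "vendor": "Microsoft"},
                "userStates": [{"userPrincipalName": "bob@contoso.com", "logonIp": "203.0.113.7"}],
            },
        },
    ]
})

# Assumed mapping from Graph Security severity strings onto the CEF 0-10 scale.
SEVERITY_TO_CEF = {"high": 8, "medium": 5, "low": 2, "informational": 0, "unknown": 0}


def extract_alerts(body):
    """Return the alert dicts inside one Event Hub message body.

    Handles the assumed Azure Monitor envelope, a bare list of alerts, or a bare alert.
    """
    data = json.loads(body)
    if isinstance(data, list):
        return data
    if "records" in data:
        return [r.get("properties", r) for r in data["records"]]
    return [data]


def _esc_header(value):
    # CEF header fields: backslash and pipe must be escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values: backslash, equals sign and line breaks must be escaped.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def alert_to_cef(alert):
    """Render one Graph Security alert as a single CEF line."""
    vendor = alert.get("vendorInformation", {})
    severity = SEVERITY_TO_CEF.get(str(alert.get("severity", "unknown")).lower(), 0)
    ext = {
        "externalId": alert.get("id", ""),
        "cat": alert.get("category", ""),
        "rt": alert.get("createdDateTime", ""),
        "msg": alert.get("description", ""),
    }
    # Surface the first user and host so the SIEM can correlate on principal and machine.
    users = alert.get("userStates") or []
    hosts = alert.get("hostStates") or []
    if users:
        ext["suser"] = users[0].get("userPrincipalName", "")
        ext["src"] = users[0].get("logonIp", "")
    if hosts:
        ext["dhost"] = hosts[0].get("fqdn", "")
        ext["dst"] = hosts[0].get("privateIpAddress", "")
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items() if v)
    header = "|".join([
        "CEF:0",
        _esc_header(vendor.get("vendor", "Microsoft")),
        _esc_header(vendor.get("provider", "Graph Security API")),
        "1.0",
        _esc_header(alert.get("category", "Alert")),
        _esc_header(alert.get("title", "")),
        str(severity),
    ])
    return header + "|" + extension


def message_to_cef_lines(body):
    """One CEF line per alert found in the message body."""
    return [alert_to_cef(a) for a in extract_alerts(body)]


def append_cef_file(body, path):
    """File-based hand-off: append one CEF line per alert; returns the count written."""
    lines = message_to_cef_lines(body)
    with open(path, "a", encoding="utf-8") as fh:
        for line in lines:
            fh.write(line + "\n")
    return len(lines)


if __name__ == "__main__":
    for line in message_to_cef_lines(SAMPLE_MESSAGE):
        print(line)
```

The escaping functions matter more than they look: an alert title containing a pipe, or a description containing `=`, would otherwise shift every following CEF field when the SIEM parses the line, so a consumer should never build CEF by plain string concatenation of vendor-supplied text.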