WorryFree Computers   »   [go: up one dir, main page]
This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How can we integrate Microsoft Defender for O365 with Chronicle SIEM ?

Posted 2 weeks ago
TPankaj
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

How can we integrate Microsoft Defender for O365 with Chronicle SIEM ?

Is it using Microsoft Graph Alert (Third Party API) ?

https://cloud.google.com/chronicle/docs/preview/siem-integrations/microsoft-graph-alert.

1 3 111
Topic Labels
3 REPLIES 3

Posted on --/--/---- --:-- AM
jstoner
Staff
Reply posted on --/--/---- --:-- AM

I’ve played with it previously but not recently. At one point it was outputting alerts via the graph api alert. This would be set up via feed management like other o365 and entra id logging

Posted on --/--/---- --:-- AM
TPankaj
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

@jstoner Thank you. However is it possible to get a confirmation as we do not test environment to cross verify it?

Posted on --/--/---- --:-- AM
jkephsecru
Bronze 3
Bronze 3
In response to TPankaj
Reply posted on --/--/---- --:-- AM

Agree- The documentation could be much better around the M365 integrations.

https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-microsoft365


0 Likes