
Microsoft 365 Security Products Integration Design - August 2021 © Marius Mocanu, Adrian Grigorof

High Definition available at http://www.managedsentinel.com

[Diagram: one-page architecture poster. The box labels and arrow labels are transcribed below, grouped by product and by the data flows drawn between the products and Azure Sentinel.]

Azure Sentinel
  Log Analytics Workspace
    SecurityAlerts Table
    Kusto Query Language Queries / Log Correlation / Enrichment / Log Retention
  Data Connectors, UEBA, Workbooks
  Notebooks, Hunting Scripts
  Threat Intel Feeds
  Automation Rules, Playbooks (SOAR Automation)
  Data Enrichment via API calls
  KPI Reporting & Monitoring

Managed Sentinel (www.managedsentinel.com) / BlueVoyant (https://www.bluevoyant.com) - MDR Service
  Custom Alerts
  24x7 Managed Detection and Response
  Security Investigation
  Third Party Risk, Threat Intelligence, Cyber Forensics
  Incident Response, Vulnerability Management
  Via Azure Lighthouse: Remote Management, SOAR Automation, M365 Deployment, Alerts tune-up, Health Monitoring, Alert Rules
  The MDR Service box is attached to every product box below, i.e. each product's alerts are covered by the managed service.

Product-to-Sentinel integration
  Defender for Office 365, Microsoft Cloud App Security, Defender for Identity, Defender for Endpoint and Azure AD Identity Protection send Security Alerts to Azure Sentinel via the M365 Defender Data Connector (bi-directional).
  Microsoft Graph Security REST API
    Data Collection and Normalization
    Analytics - Machine Learning, Insights
    Publish to Internal APIs
    Relationships Discovery
    REST APIs, Webhooks, Graph Explorer, Security Score
    Defender for Identity alerts are exposed through the Graph Security API only via MCAS
  Azure Security Center sends Security Alerts, Security Recommendations, Security Score, Regulatory Compliance and the Azure Security Baseline to Azure Sentinel.

Defender for Office 365 (Microsoft Defender for Office Plan 2)
  Safe Attachments - SharePoint/OneDrive/Teams/Office clients
  Safe Links - Links in emails and documents
  Anti Phishing / Anti Spam
  Office 365 Protection - SharePoint/OneDrive/Teams
  Time of Click Protection - Teams/Outlook
  Threat Explorer, Threat Tracker, Campaign Views, Attack Simulator
  Automated Investigation and Response (AIR)
  Alerts, Alert Policy, REST APIs, Webhooks, Reporting, Event Search, User Tagging, Dashboards
  Enhanced Filtering, DKIM, Allow/Block Lists
  Threat Policies, Templates, Rules
  Protects: Office 365, Azure AD
  Sends to Sentinel: Security Alerts

Microsoft Cloud App Security
  Information Protection, Threat Detection, Conditional Access App Control, Cloud Discovery
  Dashboards, Storage *, Policies, Reports, Governance Actions
  UEBA, Productivity App Discovery, OAuth apps, Conditional Access App Control
  Real Time app control over 3rd Party SaaS Applications (SAML 2.0), Office 365 and Azure AD
  Example anomaly detections shown: Suspicious inbox manipulation rules, Impossible travel
  Sends to Sentinel: Security Alerts, Detected Events, Discovery Logs (optional)
  Data Retention: Activity log 180 days; Discovery data 90 days; Alerts 180 days; Governance log 120 days

Defender for Identity
  Advanced Threats Detection, Attack Surface Reduction, Alert Investigation, User and Entity Behavior Analytics (UEBA)
  Storage *, Reports, Notifications, Health
  On-Premises Infrastructure
    ATP sensor on each Windows Domain Controller
    Windows Events Monitored: 4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045, 8004
    VPN Gateway (Cisco ASA, Checkpoint, F5, Microsoft) via RADIUS Accounting
  Sensor collects: AD Entities, Network Traffic, Windows Events
  Sends: Activities, Alerts, Identity Metadata; Security Alerts

Defender for Endpoint
  Threat & Vulnerability Management, Attack Surface Reduction, Next Generation Protection, Automated Threat Investigation, Microsoft Threat Experts, Endpoint Detection and Response (EDR)
  Software Inventory, Security Recommendations
  Storage *, Reports, Dashboards, Alerts, Rules, Live Response
  Supported platforms shown: Windows OS (Windows 7 SP1, Windows 10; Event IDs 5007, 1121, 1122), Windows Server, macOS (10.15 Catalina, 10.14 Mojave, 10.13 High Sierra), Linux, Android 6.0 and above
  Sends: Activities, Alerts, Host Metadata; Alerts, Incidents, Automated Investigations (security and health); Data Enrichment; Security Alerts

Azure AD Identity Protection
  Risk Detection, Risk Investigation, Risk Remediation
  Minimum Azure AD Premium P2 license
  Reports: Risky users, Risky sign-ins, Risk detections
  Policies: MFA registration, User risk remediation, Sign-in risk remediation
  Alerts, Dashboards, Governance Actions
  Sends to Sentinel: Security Alerts

Microsoft 365 Compliance
  Data Loss Prevention, Classification, Record Management, Information Governance, Supervision, Service Assurance

Microsoft Intelligence (Threat Intelligence)
  Sample zoos, Dark markets, Threat feeds, Sinkholes / honeypots, Detonation Sandboxes, IR / Intelligence Services

Azure Security Center (Azure Defender)
  Continuous Assessment & Recommendations, Azure Secure Score, Regulatory Compliance, JIT VM Access, AAC & Network Hardening
  Dashboards, Alerts, Inventory, Workflow Automation, REST APIs, Webhooks
  Auto Provisioning, Vulnerability Scanning, Automated Remediation, Threat Protection
  Threat Detection: MFA, Access hygiene recommendations, Identity recommendations, Configuration Review, Network Maps, SSL usage
  Centralized Management, Detection, 3rd Party Cloud Connectors: Policy Mgmt., Vulnerability Mgmt., EDR, Security Compliance
  Config checks on Azure Cloud Services: Azure DNS, Resource Manager, Kubernetes, Azure SQL Database, Key Vault, Azure VMs, Storage, Container Registry, IoT, App Services, Network Security Groups, Azure Firewall, Event Hubs, App Gateway, Virtual Networks, Azure AD
  Sends to Sentinel: Security Alerts, Security Recommendations, Security Score, Regulatory compliance, Azure Security Baseline

Licensing and data retention labels on the diagram
  Requires E5 Licenses
  180 days Data Retention
  90 days Data Retention (Audit Trail)
  90 days Data Retention
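The diagram routes every product's Security Alerts into the SecurityAlert table through the M365 Defender and Azure Security Center connectors, and lists "Health Monitoring" and "Alerts tune-up" as managed-service tasks. The first thing a practitioner checks after wiring this up is that each source is really delivering. The following KQL is an added example, not part of the original diagram or its authors' material; it assumes the standard SecurityAlert table in the Log Analytics workspace, and the 30-day lookback and 3-day staleness threshold are assumptions to tune per environment.

```kql
// Added example (not from the original diagram): per-product alert coverage
// and connector health over the SecurityAlert table. Assumes the default
// Azure Sentinel SecurityAlert schema (ProviderName, ProductName,
// AlertSeverity, TimeGenerated). Thresholds below are assumptions.
let lookback = 30d;
let stale_after = 3d;
SecurityAlert
| where TimeGenerated > ago(lookback)
| summarize
    AlertCount = count(),
    LastAlert = max(TimeGenerated),
    Severities = make_set(AlertSeverity)
  by ProviderName, ProductName
| extend DaysSinceLastAlert = datetime_diff('day', now(), LastAlert)
// A product that produced alerts earlier in the window but has gone quiet
// usually means a broken connector or a revoked connector permission,
// not a sudden absence of threats.
| extend Status = iff(LastAlert < ago(stale_after), "STALE - check connector", "OK")
| order by Status desc, LastAlert asc
```

Run it from the Sentinel Logs blade; ProviderName values differ per product (for example MDATP for Defender for Endpoint), so the output is also the quickest way to see which of the diagram's sources are present in the workspace at all. A product that never appears in the window is a configuration gap on the connector side rather than a staleness issue.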
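The Defender for Identity section lists the Windows events the sensor reads on domain controllers (4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045, 8004). The sensor consumes these itself, but when the same domain controllers also forward their Security log to the workspace the analyst can hunt on the raw events alongside the sensor's alerts. The query below is an added example, not part of the original diagram or its authors' material; it assumes the Windows Security Events connector populating the SecurityEvent table, and the privileged-group list and failure threshold are assumptions.

```kql
// Added example (not from the original diagram): the Defender for Identity
// sensor's Windows event IDs queried directly in Sentinel. Assumes the DCs
// forward their Security log via the Windows Security Events connector
// (SecurityEvent table). 7045 (service installed) is written to the System
// log and 8004 to the NTLM/Operational log, so neither is in SecurityEvent.
let group_change_events = dynamic([4728, 4729, 4732, 4733, 4756, 4757]);
// Privileged groups to watch (assumed list; adjust to the environment).
let watched_groups = dynamic(["Domain Admins", "Enterprise Admins",
                              "Schema Admins", "Administrators", "Account Operators"]);
// 1. Membership changes to privileged groups, with actor and member.
//    4728/4732/4756 = member added (global/local/universal group),
//    4729/4733/4757 = member removed.
let priv_group_changes =
    SecurityEvent
    | where TimeGenerated > ago(7d)
    | where EventID in (group_change_events)
    | where TargetUserName in~ (watched_groups)
    | extend Action = iff(EventID in (4728, 4732, 4756), "added", "removed")
    | project TimeGenerated, Computer, EventID, Action,
              Group = TargetUserName, Member = MemberName, Actor = SubjectUserName;
// 2. NTLM credential validation failures (4776 with a non-zero status), the
//    signal the sensor uses for brute force and account enumeration detections.
let ntlm_failures =
    SecurityEvent
    | where TimeGenerated > ago(7d)
    | where EventID == 4776 and Status != "0x0"
    | summarize Failures = count(),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
              by Computer, Account = TargetUserName, Status
    | where Failures >= 20;   // threshold is an assumption; tune per environment
priv_group_changes
| union withsource=Source ntlm_failures
| order by TimeGenerated desc, LastSeen desc
```

The Source column tells the two result shapes apart. Keeping 4776 failures as an aggregate rather than raw rows matters on a domain controller, where successful 4776 events alone can run into the millions per day; the group-change rows are rare enough to keep one per event.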