Microsoft Graph Security API protocol log source parameters for Microsoft Defender for Cloud

Add a Microsoft Defender for Cloud log source on the QRadar Console by using the Microsoft Graph Security API protocol.
The following table describes the parameters that require specific values to collect Microsoft Graph Security API events from Microsoft Defender for Cloud:
Table 1. Microsoft Graph Security API log source parameters for the Microsoft Defender for Cloud DSM
| Parameter | Value |
| --- | --- |
| Log Source type | Microsoft Defender for Cloud |
| Protocol Configuration | Microsoft Graph Security API |
| Log Source Identifier | An identifiable name for the log source. The Log Source Identifier can be any valid value, including the same value as the Log Source Name parameter, and doesn't need to reference a specific server. If you configured multiple Microsoft Defender for Cloud log sources, you might want to identify the first log source as MASC-1, the second log source as MASC-2, and the third log source as MASC-3. |
| Tenant ID | To find the Tenant ID parameter value, log in to Microsoft Defender for Cloud, and then select Azure Active Directory > Overview or select Azure Active Directory > App registration > Microsoft Graph Security App > Overview. |
| Client ID | To find the Client ID parameter value, log in to Microsoft Defender for Cloud, and then select Azure Active Directory > App registration > Microsoft Graph Security App > Overview. |
| Client Secret | To find the Client Secret parameter value, log in to Microsoft Defender for Cloud, and then select Azure Active Directory > App registration > Microsoft Graph Security App > Certificates and secrets > Client secrets. If no client secret exists, you can create one there. |

For a complete list of Microsoft Graph Security API protocol parameters and their values, see Microsoft Graph Security API protocol configuration options.
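
An added example, not part of the original page or of QRadar: a Python pre-flight check for the Tenant ID, Client ID and Client Secret values from Table 1 before they are entered in the log source. It assumes that the app registration authenticates with the OAuth 2.0 client-credentials grant at the Microsoft identity platform v2.0 token endpoint and that both IDs are the GUIDs shown on the Overview page; the function names are hypothetical.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Assumption: both IDs are the GUIDs displayed on the app registration Overview page.
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
GRAPH_SCOPE = "https://graph.microsoft.com/.default"

def check_parameters(tenant_id, client_id, client_secret):
    """Return a list of format problems; an empty list means the values look usable."""
    problems = []
    for name, value in (("Tenant ID", tenant_id), ("Client ID", client_id)):
        if value != value.strip():
            problems.append(f"{name} has leading or trailing whitespace")
        elif not GUID.fullmatch(value):
            problems.append(f"{name} is not a GUID")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client Secret is empty or has surrounding whitespace")
    elif GUID.fullmatch(client_secret):
        # The portal lists a GUID "Secret ID" next to each secret's "Value".
        problems.append("Client Secret is a GUID: probably the Secret ID, not the Value")
    return problems

def build_token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request (assumed grant type) without sending it."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def token_check(request, timeout=15):
    """Send the request; return (ok, detail). detail comes from the response only."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return True, f"token issued, expires in {json.load(resp).get('expires_in')} s"
    except urllib.error.HTTPError as err:
        try:
            detail = json.loads(err.read()).get("error_description", "")
        except ValueError:
            detail = ""
        return False, detail or f"HTTP {err.code}"
    except urllib.error.URLError as err:
        return False, f"network error: {err.reason}"
```

Run `check_parameters` first, then `token_check(build_token_request(...))` from a host that can reach login.microsoftonline.com. Read the secret from a prompt or a secret store rather than passing it on the command line.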