Microsoft Azure Security Center
The IBM® QRadar® DSM for Microsoft Security Center collects JSON events from Microsoft Azure Security Center by using the Microsoft Graph Security API protocol.
To integrate Microsoft Azure Security Center with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
  - Microsoft Azure Security Center DSM RPM
  - Microsoft Graph Security API Protocol DSM
- Configure Microsoft Azure Security Center to send events to QRadar. For more information, see Export security alerts and recommendations (https://docs.microsoft.com/en-us/azure/security-center/continuous-export).
  Important: QRadar supports events only from the Microsoft Azure Security Center provider. Events sent to QRadar must have "provider:ASC" or "provider":"Azure Security Center" in the payload.
- Add a Microsoft Azure Security Center log source on the QRadar Console.
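
A pre-flight check for the provider requirement in the Important note above, as an added example that is not part of the IBM documentation: it sorts newline-delimited JSON events by whether they carry a supported provider value. It assumes the value sits under a "provider" key somewhere in the JSON and is matched exactly; the function names and sample events are constructed for illustration.

```python
import json

# Provider values the page says QRadar accepts.
SUPPORTED_PROVIDERS = {"ASC", "Azure Security Center"}


def provider_values(node):
    """Yield every string value stored under a "provider" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "provider" and isinstance(value, str):
                yield value
            else:
                yield from provider_values(value)
    elif isinstance(node, list):
        for item in node:
            yield from provider_values(item)


def triage(lines):
    """Sort newline-delimited JSON events into supported / unsupported / invalid."""
    result = {"supported": [], "unsupported": [], "invalid": []}
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            result["invalid"].append(number)
            continue
        found = set(provider_values(event))
        # Assumption: an exact, case-sensitive match on the value is required.
        bucket = "supported" if found & SUPPORTED_PROVIDERS else "unsupported"
        result[bucket].append(number)
    return result


# Constructed sample events (not real alerts); the field layout is illustrative.
SAMPLE = [
    '{"id": "a1", "vendorInformation": {"provider": "ASC", "vendor": "Microsoft"}}',
    '{"id": "a2", "provider": "Azure Security Center", "severity": "high"}',
    '{"id": "a3", "vendorInformation": {"provider": "Other Provider"}}',
    '{"id": "a4", "title": "no provider field"}',
    '{"id": "a5", "provider": "ASC"',
]

if __name__ == "__main__":
    for bucket, numbers in triage(SAMPLE).items():
        print(f"{bucket}: lines {numbers}")
```

Events reported as unsupported or invalid are the ones to investigate in the export configuration before troubleshooting the log source itself.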