Microsoft Azure Security Center

The IBM® QRadar® DSM for Microsoft Security Center collects JSON events from Microsoft Azure Security Center by using the Microsoft Graph Security API protocol.

To integrate Microsoft Azure Security Center with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • Microsoft Azure Security Center DSM RPM
    • Microsoft Graph Security API Protocol DSM
  2. Configure Microsoft Azure Security Center to send events to QRadar. For more information, see Export security alerts and recommendations (https://docs.microsoft.com/en-us/azure/security-center/continuous-export).
    Important: QRadar supports events only from the Microsoft Azure Security Center provider. Events sent to QRadar must have "provider:ASC" or "provider":"Azure Security Center" in the payload.
  3. Add a Microsoft Azure Security Center log source on the QRadar Console.
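
A pre-flight check for the provider requirement in step 2, added here as an example (it is not IBM or Microsoft code): it reads exported alerts, one JSON document per line, and reports which ones carry a provider value that QRadar supports. The recursive search for a "provider" key, the exact-match comparison, and the sample events are assumptions made for this example.

```python
import json

# Provider values the page says QRadar accepts (exact-match comparison is an assumption).
ACCEPTED_PROVIDERS = {"ASC", "Azure Security Center"}


def find_providers(node):
    """Yield every string stored under a "provider" key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "provider" and isinstance(value, str):
                yield value
            else:
                yield from find_providers(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_providers(item)


def triage(lines):
    """Return (supported_events, rejected) where rejected holds (line_no, reason)."""
    supported, rejected = [], []
    for number, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected.append((number, "not valid JSON"))
            continue
        providers = set(find_providers(event))
        if providers & ACCEPTED_PROVIDERS:
            supported.append(event)
        elif providers:
            rejected.append((number, "unsupported provider: " + ", ".join(sorted(providers))))
        else:
            rejected.append((number, "no provider field"))
    return supported, rejected


# Constructed sample events, one JSON document per line (not real alerts).
SAMPLE = [
    '{"id": "a1", "title": "Constructed alert", "vendorInformation": {"provider": "ASC"}}',
    '{"id": "a2", "provider": "Azure Security Center"}',
    '{"id": "a3", "vendorInformation": {"provider": "Other Product"}}',
    '{"id": "a4", "title": "Constructed alert without a provider"}',
    '{"id": "a5", "provider": ',
]

if __name__ == "__main__":
    print(triage(SAMPLE)[1])
```

Events listed as rejected here would not meet the provider requirement stated in step 2, so this is a quick way to find out why an export is not producing events in QRadar.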