Microsoft Defender for Cloud DSM specifications
When you configure Microsoft Defender for Cloud, understanding the specifications for the Microsoft Defender for Cloud DSM can help ensure a successful integration. For example, knowing what event format is supported for Microsoft Defender for Cloud before you begin can help reduce frustration during the configuration process.
Important: Microsoft Defender XDR integration is supported in QRadar by using the Microsoft Graph Security API protocol, the Microsoft 365 Defender DSM, and the Microsoft Defender for Cloud DSM, with client ID and client secret–based authentication.
The following table describes the specifications for the Microsoft Defender for Cloud DSM.
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft Defender for Cloud |
| RPM file name | DSM-MicrosoftAzureSecurityCenter-QRadar_version-build_number.noarch.rpm |
| Protocol | Microsoft Graph Security API, Microsoft Azure Event Hubs |
| Event format | JSON |
| Recorded event types | Security alert |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Security alerts - a reference guide (https://docs.microsoft.com/en-us/azure/security-center/alerts-reference) |