Microsoft Defender for Cloud DSM specifications

When you configure Microsoft Defender for Cloud, understanding the specifications for the Microsoft Defender for Cloud DSM can help ensure a successful integration. For example, knowing what event format is supported for Microsoft Defender for Cloud before you begin can help reduce frustration during the configuration process.

Important: Microsoft Defender XDR integration is supported in QRadar by using the Microsoft Graph Security API protocol, the Microsoft 365 Defender DSM, and the Microsoft Defender for Cloud DSM, with client ID and client secret–based authentication.

The following table describes the specifications for the Microsoft Defender for Cloud DSM.

Table 1. Microsoft Defender for Cloud DSM specifications
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft Defender for Cloud |
| RPM file name | DSM-MicrosoftAzureSecurityCenter-QRadar_version-build_number.noarch.rpm |
| Protocol | Microsoft Graph Security API; Microsoft Azure Event Hubs |
| Event format | JSON |
| Recorded event types | Security alert |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Security alerts - a reference guide (https://docs.microsoft.com/en-us/azure/security-center/alerts-reference) |