Microsoft Graph Security API data source parameters for Microsoft 365 Defender
If the QRadar® product does not automatically detect the data source, add a Microsoft 365 Defender® data source in the QRadar product by using the Microsoft Graph Security API connector.
When you use the Microsoft Graph Security API connector, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Microsoft Graph Security API events from Microsoft 365 Defender:
| Parameter | Value |
|---|---|
| Data source type | Microsoft 365 Defender |
| Connector type | Microsoft Graph Security API |
| Data source identifier |
Use a unique name for the data source. |
| API | Alerts V2 (/alerts_v2) |
For a complete list of Microsoft Graph Security API connector parameters and their values, see Microsoft Graph Security API connector configuration options.
For more information about adding a data source, see Adding ingestion data sources.