Microsoft Graph Security API log source parameters for Microsoft 365 Defender
If the QRadar® product does not automatically detect the log source, add a Microsoft 365 Defender® log source in the QRadar product by using the Microsoft Graph Security API protocol.
When you use the Microsoft Graph Security API protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Microsoft Graph Security API events from Microsoft 365 Defender:
Parameter | Value |
---|---|
Log Source type | Microsoft 365 Defender |
Protocol Configuration | Microsoft Graph Security API |
Log Source Identifier |
Use a unique name for the log source. |
API | Alerts V2 (/alerts_v2) |
For a complete list of Microsoft Graph Security API protocol parameters and their values, see Microsoft Graph Security API protocol configuration options.