Microsoft Graph Security API log source parameters for Microsoft 365 Defender

If the QRadar® product does not automatically detect the log source, add a Microsoft 365 Defender® log source in the QRadar product by using the Microsoft Graph Security API protocol.

When you use the Microsoft Graph Security API protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Microsoft Graph Security API events from Microsoft 365 Defender:

Table 1. Microsoft Graph Security API log source parameters for the Microsoft 365 Defender DSM

| Parameter | Value |
| --- | --- |
| Log Source type | Microsoft 365 Defender |
| Protocol Configuration | Microsoft Graph Security API |
| Log Source Identifier | Use a unique name for the log source. |
| API | Alerts V2 (/alerts_v2) |

For a complete list of Microsoft Graph Security API protocol parameters and their values, see Microsoft Graph Security API protocol configuration options.