Universal Cloud REST API data source parameters for Microsoft 365 Defender
Add a Microsoft 365 Defender data source that uses the Universal Cloud REST API connector.
When you use the Universal Cloud REST API connector, there are specific parameters that you must configure.
Parameter | Value |
---|---|
Data source type | Microsoft 365 Defender |
Connector type | Universal Cloud REST API |
Data source identifier | The Data source identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Data source type. If you have more than one configured Universal Cloud REST API data source, ensure that you give each one a unique name. |
Workflow |
The XML document that defines how the protocol instance collects alerts from the target API. For more information about the default workflow, see Universal Cloud REST API connector workflow for Microsoft 365 Defender. |
Workflow Parameter Values |
The XML document that contains the parameter values used directly by the workflow. For more information about the default workflow parameters, see Universal Cloud REST API connector workflow for Microsoft 365 Defender. |
Full a complete list of Universal Cloud REST API connector parameters and their values, see Universal Cloud REST API connector.
For more information about adding a data source, see Adding ingestion data sources.