Universal Cloud REST API data source parameters for Microsoft 365 Defender

Add a Microsoft 365 Defender data source that uses the Universal Cloud REST API connector.

When you use the Universal Cloud REST API connector, there are specific parameters that you must configure.

The following table describes the parameters that require specific values to collect Universal Cloud REST API alerts from Microsoft 365 Defender:
Table 1. Universal Cloud REST API data source parameters for the Microsoft 365 Defender data source type
Parameter Value
Data source type Microsoft 365 Defender
Connector type Universal Cloud REST API
Data source identifier The Data source identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Data source type. If you have more than one configured Universal Cloud REST API data source, ensure that you give each one a unique name.
Workflow

The XML document that defines how the protocol instance collects alerts from the target API.

For more information about the default workflow, see Universal Cloud REST API connector workflow for Microsoft 365 Defender.

Workflow Parameter Values

The XML document that contains the parameter values used directly by the workflow.

For more information about the default workflow parameters, see Universal Cloud REST API connector workflow for Microsoft 365 Defender.

Full a complete list of Universal Cloud REST API connector parameters and their values, see Universal Cloud REST API connector.

For more information about adding a data source, see Adding ingestion data sources.