Flow Tidbit - Check out the new Microsoft Graph Security API connector
If you receive the Microsoft Flow Team Newsletter (see the latest here), you may have noticed that we have recently added 6 new connectors. I’m going to focus primarily on the ‘Microsoft Graph Security (Preview)’ connector.
First of all, this connector can be used in Flow, PowerApps, and Logic Apps.
Next, understand that the Microsoft Graph Security API is a service that provides a single interface to multiple Microsoft Graph Security providers and returns aggregated results to your app. This has the following benefits:
- Rich alert metadata.
- Better alert correlation.
- Unified threat management, prevention, and risk management across various security solutions.
- Alerts, actions, and customer threat intelligence exposed through Microsoft Graph.
- Instant integration with Microsoft Graph-enabled solutions.
- Gain deep security insights to train other security solutions.
Connect to the API via the following methods:
- Write code https://aka.ms/graphsecurityapicode
- Connect using scripts https://aka.ms/graphsecuritypowershellsample
- Drag and drop into workflows and playbooks https://aka.ms/graphsecurityconnectorsblogpost
- Get data into reports and dashboards https://aka.ms/graphsecuritypowerbiconnectordoc
- Connect using Jupyter notebooks https://aka.ms/graphsecurityjupyternotebooks
Here are some reasons why we would use the Microsoft Graph Security API: it allows us to more readily realize and enrich the value of these security solutions. We can connect easily with the Microsoft Graph Security API using one of the following approaches, depending on the requirements:
- Unify and standardize alert tracking:
  - Connect once to integrate alerts from any Microsoft Graph-integrated security solution and keep alert status and assignments in sync across all solutions. We can also stream alerts to security information and event management (SIEM) solutions.
- Correlate security alerts to improve threat protection and response:
  - Correlate alerts across security solutions more easily with a unified alert schema. This not only allows us to receive actionable alert information but also allows security analysts to pivot on and enrich alerts with asset and user information, enabling faster response to threats and better asset protection.
- Update alert tags, status, and assignments:
  - Tag alerts with additional context or threat intelligence to inform response and remediation. Ensure that comments and feedback on alerts are captured for visibility across all workflows.
- Unlock security context to drive investigation:
  - Dive deep into related security-relevant inventory (such as users, hosts, and apps), then add organizational context from other Microsoft Graph providers (Azure AD, Microsoft Intune, Office 365) to bring business and security contexts together and improve threat response.
- Automate security workflows and reporting:
  - Automate security management, monitoring, and investigations to improve operational efficiency and response times.
- Get deep insights to train security solutions:
  - Visualize data across the different security products running in the organization to get deeper security insights.
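As an added example (not code from the post or from the connector itself) of the "correlate" and "update alert tags, status, and assignments" approaches above: the script below takes constructed alerts shaped like the Graph Security unified alert schema, pivots them by user and host, finds hosts that more than one provider has raised alerts on, and builds the body for a PATCH to /security/alerts/{id}, which must echo back the alert's vendorInformation. Provider names, hostnames and accounts are made up.

```python
from collections import defaultdict

# Constructed sample alerts shaped like the Graph Security unified alert schema
# (id, severity, status, vendorInformation, userStates, hostStates). Not real data.
SAMPLE_ALERTS = [
    {"id": "alert-1", "severity": "high", "status": "newAlert",
     "vendorInformation": {"provider": "ProviderA", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@contoso.example"}],
     "hostStates": [{"fqdn": "ws01.contoso.example"}]},
    {"id": "alert-2", "severity": "medium", "status": "newAlert",
     "vendorInformation": {"provider": "ProviderB", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "Alice@contoso.example"}],
     "hostStates": [{"fqdn": "ws01.contoso.example"}]},
    {"id": "alert-3", "severity": "low", "status": "resolved",
     "vendorInformation": {"provider": "ProviderA", "vendor": "Microsoft"},
     "userStates": [], "hostStates": [{"fqdn": "srv07.contoso.example"}]},
]

def pivot_alerts(alerts):
    """Index alert ids by user principal name and host FQDN (case-folded) so an
    analyst can jump from one alert to everything touching the same account or asset."""
    by_user, by_host = defaultdict(list), defaultdict(list)
    for a in alerts:
        for u in a.get("userStates") or []:
            if u.get("userPrincipalName"):
                by_user[u["userPrincipalName"].lower()].append(a["id"])
        for h in a.get("hostStates") or []:
            if h.get("fqdn"):
                by_host[h["fqdn"].lower()].append(a["id"])
    return dict(by_user), dict(by_host)

def cross_provider_hosts(alerts):
    """Hosts on which alerts from more than one provider overlap: the correlation
    a single product cannot see on its own."""
    providers = defaultdict(set)
    for a in alerts:
        for h in a.get("hostStates") or []:
            if h.get("fqdn"):
                providers[h["fqdn"].lower()].add(a["vendorInformation"]["provider"])
    return sorted(host for host, p in providers.items() if len(p) > 1)

def build_alert_update(alert, status, assigned_to, tags):
    """Body for PATCH /security/alerts/{id}. The API requires vendorInformation
    (provider and vendor) on every update so it can route the change to the right provider."""
    vi = alert["vendorInformation"]
    return {"assignedTo": assigned_to, "status": status, "tags": list(tags),
            "vendorInformation": {"provider": vi["provider"], "vendor": vi["vendor"]}}

if __name__ == "__main__":
    _, hosts = pivot_alerts(SAMPLE_ALERTS)
    for host in cross_provider_hosts(SAMPLE_ALERTS):
        for aid in hosts[host]:
            alert = next(a for a in SAMPLE_ALERTS if a["id"] == aid)
            print(aid, build_alert_update(alert, "inProgress", "soc@contoso.example",
                                          ["correlated:" + host]))
```

In a Flow or Logic App the same PATCH body is what the connector's "Update alert" action sends; here it is only built and printed, not sent.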