Use the Microsoft Graph Security API
- 2 minutes to read
-
Contributors
The Microsoft Graph Security API provides a unified interface and schema to integrate with security solutions from Microsoft and ecosystem partners. This empowers customers to streamline security operations and better defend against increasing cyber threats. The Microsoft Graph Security API can be used as a federated security aggregation service to submit queries to all onboarded security providers to get aggregated responses. Use Microsoft Graph Security API to build applications that:
- Consolidate and correlate security alerts from multiple sources
- Unlock contextual data to inform investigations
- Automate security operations for greater efficiency
- Provide visibility into security data to enable proactive risk management
The Microsoft Graph Security API includes the following key entities.
Alerts
Alerts are potential security issues within a customer's tenant that Microsoft or partner security solutions have identified and are flagged for action or notification. With the Microsoft Graph Security alerts entity, you can unify and streamline security issues across all integrated solutions. This also enables applications to correlate alerts and context to improve threat protection and response. These unlock security operational efficiencies by reducing investigation time and time to resolution for incidents. With the alert update capability, you can sync the status of specific alerts across different security products and services that are integrated with the Microsoft Graph Security API by updating your alerts entity.
Microsoft Graph Security-integrated solutions will receive alerts from the following security providers:
- Azure Security Center
- Azure Active Directory Identity Protection
- Microsoft Cloud Application Security
- Windows Defender Advanced Threat Protection
- Azure Information Protection (preview)
- Microsoft Intune (private preview)
- Office 365 (coming soon)
- Azure Advanced Threat Protection (coming soon)
- Partner solutions, such as Palo Alto Networks App Framework
Note: New providers are continuously onboarding to the Microsoft Graph Security ecosystem.
Common use cases
The following are some of the most popular requests for working with the Microsoft Graph Security API:
| Use cases | REST resources | Try it in Graph Explorer |
|---|---|---|
| List alerts | List alerts | https://graph.microsoft.com/v1.0/security/alerts |
| Update alerts | Update alert | https://graph.microsoft.com/v1.0/security/alerts/{alert-id} |
You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.
Resources
Code and contribute to these Microsoft Graph Security API samples:
Engage with the community:
Next steps
The Microsoft Graph Security API can open up new ways for you to engage with different security solutions from Microsoft and partners. Follow these steps to get started:
- Drill down into alerts.
- Try the API in the Graph Explorer. Under Sample Queries, choose show more samples and set the Security category to on.
- Try subscribing to and receiving notifications on entity changes.
Need more ideas? See how some of our partners are using Microsoft Graph.