Integrate Microsoft Graph Security API alerts with a SIEM
The Microsoft Graph Security API lets you manage security alerts from all Microsoft security products, known as Microsoft Graph Security providers, through a single REST endpoint. Some organizations already ingest Azure-specific log data into their SIEM solutions through Azure Monitor. To simplify integration, customers can also provision the security alerts available through the Microsoft Graph Security API to their subscription via Azure Monitor. If your organization has already configured Azure Monitor integration with your SIEM solution, you can stream your organization’s security alerts alongside the data already available through Azure Monitor.
Alerts from the following security providers are available via SIEM integration:
- Azure Security Center
- Azure Active Directory Identity Protection
- Microsoft Cloud App Security
- Azure Information Protection (preview)
- Azure Advanced Threat Protection (preview)
- Azure Sentinel (preview)
Azure Monitor supports connectors to several SIEM products. For a list of supported SIEM products, see "Send monitoring data to an event hub". Microsoft Graph Security API integration is currently available for Splunk and QRadar.
For information about Microsoft Graph Security API integration for specific SIEM solutions, see: