Use the Microsoft Graph Security API

The Microsoft Graph Security API provides a unified interface and schema to integrate with security solutions from Microsoft and ecosystem partners. This empowers customers to streamline security operations and better defend against increasing cyber threats. The Microsoft Graph Security API federates queries to all onboarded security providers and aggregates responses. Use the Microsoft Graph Security API to build applications that:

  • Consolidate and correlate security alerts from multiple sources
  • Unlock contextual data to inform investigations
  • Automate security tasks, business processes, workflows, and reporting
  • Send threat indicators to Microsoft products for customized detections
  • Invoke actions in response to new threats
  • Provide visibility into security data to enable proactive risk management

The Microsoft Graph Security API includes the following key entities.

Alerts

Alerts are potential security issues within a customer's tenant that Microsoft or partner security solutions have identified and flagged for action or notification. With the Microsoft Graph Security alerts entity, you can unify and streamline management of security issues across all integrated solutions. This also enables applications to correlate alerts and context to improve threat protection and response. With the alert update capability, you can sync the status of specific alerts across different security products and services that are integrated with the Microsoft Graph Security API by updating your alerts entity.

Alerts from the following providers are available via the Microsoft Graph Security API. Support for GET alerts, PATCH alerts, and Subscribe (via webhooks) is indicated in the following table.

Security provider

GET alert

PATCH alert

Subscribe to alert

Azure Security Center

Azure Active Directory Identity Protection

File issue *

Microsoft Cloud App Security

File issue *

(Coming soon)

Microsoft Defender Advanced Threat Protection **

File issue

Azure Advanced Threat Protection ***

File issue *

(Coming soon)

Microsoft 365

File issue

(Coming soon)

File issue

Azure Information Protection (preview)

File issue *

Azure Sentinel (preview)

Not supported in Azure Sentinel

Note: New providers are continuously onboarding to the Microsoft Graph Security ecosystem. To request new providers or for extended support from existing providers, file an issue in the Microsoft Graph Security GitHub repo.

* File issue: Alert status gets updated across Microsoft Graph Security API integrated applications but not reflected in the provider’s management experience.

** Microsoft Defender Advanced Threat Protection requires additional user roles to those required by the Microsoft Graph Security API. Only the users in both Microsoft Defender Advanced Threat Protection and Microsoft Graph Security API roles can have access to the Microsoft Defender Advanced Threat Protection data. Because application-only authentication is not limited by this, we recommend that you use an application-only authentication token.

*** Azure Advanced Threat Protection alerts are available via the Microsoft Cloud App Security integration. This means you will get Azure Advanced Threat Protection alerts only if you have joined the Unified SecOps preview program and connected Azure Advanced Threat Protection into Microsoft Cloud App Security.

Information protection

The Microsoft Graph threat assessment API helps organizations to assess the threat received by any user in a tenant. This empowers customers to report spam emails, phishing URLs or malware attachments they receive to Microsoft. The policy check result and rescan result can help tenant administrators understand the threat scanning verdict and adjust their organizational policy.

Secure Score

Microsoft Secure Score is a security analytics solution that gives you visibility into your security portfolio and how to improve it. With a single score, you can better understand what you have done to reduce your risk in Microsoft solutions. You can also compare your score with other organizations and see how your score has been trending over time. The Microsoft Graph Security secureScore and secureScoreControlProfile entities help you balance your organization's security and productivity needs while enabling the appropriate mix of security features. You can also project what your score would be after you adopt security features.

Common use cases

The following are some of the most popular requests for working with the Microsoft Graph Security API:

| Use cases | REST resources | Try it in Graph Explorer |
| --- | --- | --- |
| List alerts | List alerts | https://graph.microsoft.com/v1.0/security/alerts |
| Update alerts | Update alert | https://graph.microsoft.com/v1.0/security/alerts/{alert-id} |
| List secure scores | List secureScores | https://graph.microsoft.com/v1.0/security/secureScores |
| Get secure score | Get secureScore | https://graph.microsoft.com/v1.0/security/secureScores/{id} |
| List secure score control profiles | List secureScoreControlProfiles | https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles/{id} |
| Get secure score control profile | Get secureScoreControlProfile | https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles |
| Update secure score control profiles | Update secureScoreControlProfile | https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles/{id} |
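The list-alerts and update-alert use cases combined, as an added example that is not part of the original page or Microsoft's samples: it correlates alerts from several providers by user and builds the PATCH requests that move the correlated alerts to inProgress. The sample alerts, provider names, users and function names are constructed for illustration; nothing is sent, since a real call also needs a bearer token in the Authorization header.

```python
import json
from collections import defaultdict

ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"

# Constructed sample shaped like the "value" array of a list-alerts response
# (not real tenant data; provider names and users are illustrative).
SAMPLE = json.loads("""[
 {"id":"a1","status":"newAlert","vendorInformation":{"provider":"IPC","vendor":"Microsoft"},
  "userStates":[{"userPrincipalName":"Alice@contoso.example"}]},
 {"id":"a2","status":"newAlert","vendorInformation":{"provider":"MCAS","vendor":"Microsoft"},
  "userStates":[{"userPrincipalName":"alice@contoso.example"}]},
 {"id":"a3","status":"newAlert","vendorInformation":{"provider":"ASC","vendor":"Microsoft"},
  "userStates":null},
 {"id":"a4","status":"resolved","vendorInformation":{"provider":"MCAS","vendor":"Microsoft"},
  "userStates":[{"userPrincipalName":"bob@contoso.example"}]},
 {"id":"a5","status":"newAlert","vendorInformation":{"provider":"IPC","vendor":"Microsoft"},
  "userStates":[{"userPrincipalName":"bob@contoso.example"}]}
]""")

def alert_users(alert):
    """Lower-cased UPNs on an alert; userStates may be null or lack a UPN."""
    states = alert.get("userStates") or []
    return {s["userPrincipalName"].lower() for s in states if s.get("userPrincipalName")}

def users_seen_by_multiple_providers(alerts):
    """Users with unresolved alerts from two or more providers."""
    providers = defaultdict(set)
    for alert in alerts:
        if alert.get("status") != "resolved":
            for upn in alert_users(alert):
                providers[upn].add(alert["vendorInformation"]["provider"])
    return {u: sorted(p) for u, p in providers.items() if len(p) > 1}

def build_status_patch(alert, status, assigned_to):
    """(method, url, body) for update-alert; the body repeats the alert's
    provider and vendor, which the update call requires."""
    vendor = alert["vendorInformation"]
    body = {"status": status, "assignedTo": assigned_to,
            "vendorInformation": {"provider": vendor["provider"], "vendor": vendor["vendor"]}}
    return "PATCH", f"{ALERTS_URL}/{alert['id']}", body

def triage_plan(alerts, analyst):
    """PATCH requests moving new alerts on correlated users to inProgress."""
    hot = users_seen_by_multiple_providers(alerts)
    return [build_status_patch(a, "inProgress", analyst) for a in alerts
            if a.get("status") == "newAlert" and any(u in hot for u in alert_users(a))]

if __name__ == "__main__":
    for method, url, body in triage_plan(SAMPLE, "analyst@contoso.example"):
        print(method, url, json.dumps(body))
```
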

You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.

Resources

Code and contribute to these Microsoft Graph Security API samples:

Engage with the community:

What's new

Find out about the latest new features and updates for these API sets.

Next steps

The Microsoft Graph Security API can open up new ways for you to engage with different security solutions from Microsoft and partners. Follow these steps to get started:

Need more ideas? See how some of our partners are using Microsoft Graph.

See also

Code and contribute to these Microsoft Graph Security API samples:

Explore other options to connect with the Microsoft Graph Security API:

Engage with the community: