Microsoft Graph Security API overview

You can use the Microsoft Graph Security API to connect Microsoft security products, services, and partners to streamline security operations and improve threat protection, detection, and response capabilities. The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface to connect multiple Microsoft Graph Security providers (also called security providers or providers). Requests to the Microsoft Graph Security API are federated to all applicable security providers. The results are aggregated and returned to the requesting application in a common schema, as shown in the following diagram. For details, see Microsoft Graph Security API data flow.


For information about authorization, see Authorization and the Microsoft Graph Security API. For information about permissions, including delegated and application permissions, see Permissions.

Why use the Microsoft Graph Security API?

The Microsoft Graph Security API makes it easy to connect with security solutions from Microsoft and partners, so you can more readily realize and enrich the value of those solutions. Depending on your requirements, you can connect to the Microsoft Graph Security API in one of the following ways:

Unify and standardize alert tracking

Connect once to integrate alerts from any Microsoft Graph-integrated security solution and keep alert status and assignments in sync across all solutions. You can also stream alerts to security information and event management (SIEM) solutions, such as Splunk and IBM QRadar, via Azure Monitor. For details about SIEM integration with the security API entities, see Integrate with a SIEM.

Correlate security alerts to improve threat protection and response

Correlate alerts across security solutions more easily with a unified alert schema. This not only gives you actionable alert information but lets security analysts pivot on and enrich alerts with asset and user information, enabling faster response to threats and better asset protection.

Update alert tags, status, and assignments

Tag alerts with additional context or threat intelligence to inform response and remediation. Ensure that comments and feedback on alerts are captured so they are visible to all workflows. Keep alert status and assignments in sync so that all integrated solutions reflect the current state. Use webhook subscriptions to get notified of changes.
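The three capabilities above (a single alert feed, pivoting on the common schema, and writing status or assignment changes back) fit one small client. The following is an added example, not code from the Microsoft Graph documentation: it pages through GET /security/alerts by following @odata.nextLink, groups alerts from different providers by the user principal name they share, and builds the PATCH body for /security/alerts/{id}. The HTTP layer is injected as a function so the module runs offline; the sample pages, provider names ("ProviderA", "ProviderB") and user names are constructed, and a real client would add an OAuth bearer token with the SecurityEvents.ReadWrite.All permission.

```python
"""Added example: consume the unified alert feed, pivot on a shared field,
and build the PATCH that keeps alert status/assignment in sync.
Not code from the Microsoft Graph documentation; sample data is constructed."""
import json
from collections import defaultdict
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com/v1.0"
# Customer-editable alert properties; everything else belongs to the provider
# and must not be sent in a PATCH.
EDITABLE = {"assignedTo", "closedDateTime", "comments", "feedback", "status", "tags"}
STATUSES = {"unknown", "newAlert", "inProgress", "resolved", "dismissed"}


def list_alerts_url(filter_expr=None, top=50):
    """GET /security/alerts with OData $filter and $top query options."""
    params = {"$top": top}
    if filter_expr:
        params["$filter"] = filter_expr
    return f"{GRAPH}/security/alerts?{urlencode(params)}"


def fetch_all_alerts(get_json, url):
    """Follow @odata.nextLink until a page has none. get_json(url) returns the
    parsed response body; a real client adds the Authorization header there."""
    alerts = []
    while url:
        page = get_json(url)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return alerts


def pivot_by_user(alerts):
    """Group alerts from any provider by the UPN in userStates. UPNs are
    lower-cased because providers are not consistent about casing."""
    by_user = defaultdict(list)
    for alert in alerts:
        for state in alert.get("userStates") or []:
            upn = state.get("userPrincipalName")
            if upn:
                by_user[upn.lower()].append(alert["id"])
    return dict(by_user)


def build_alert_patch(alert, **changes):
    """Return (url, body) for PATCH /security/alerts/{id}. vendorInformation
    (provider and vendor) is required on every PATCH so the broker can route
    the update back to the provider that owns the alert."""
    unknown = set(changes) - EDITABLE
    if unknown:
        raise ValueError(f"not patchable: {sorted(unknown)}")
    if "status" in changes and changes["status"] not in STATUSES:
        raise ValueError(f"bad status {changes['status']!r}")
    vendor = alert.get("vendorInformation") or {}
    if not (vendor.get("provider") and vendor.get("vendor")):
        raise ValueError("alert is missing vendorInformation.provider/vendor")
    body = dict(changes)
    body["vendorInformation"] = {"provider": vendor["provider"], "vendor": vendor["vendor"]}
    return f"{GRAPH}/security/alerts/{alert['id']}", body


# Constructed sample: two pages, two providers, one user seen by both.
SAMPLE_PAGES = {
    list_alerts_url("severity eq 'high'", 2): {
        "value": [
            {"id": "a1", "severity": "high", "status": "newAlert",
             "vendorInformation": {"provider": "ProviderA", "vendor": "Microsoft"},
             "userStates": [{"userPrincipalName": "Alice@contoso.com"}]},
            {"id": "a2", "severity": "high", "status": "newAlert",
             "vendorInformation": {"provider": "ProviderB", "vendor": "Microsoft"},
             "userStates": [{"userPrincipalName": "bob@contoso.com"}]},
        ],
        "@odata.nextLink": f"{GRAPH}/security/alerts?$skiptoken=page2",
    },
    f"{GRAPH}/security/alerts?$skiptoken=page2": {
        "value": [
            {"id": "a3", "severity": "high", "status": "newAlert",
             "vendorInformation": {"provider": "ProviderB", "vendor": "Microsoft"},
             "userStates": [{"userPrincipalName": "alice@contoso.com"}]},
        ],
    },
}


def sample_get(url):
    """Stand-in for an authenticated GET; serves the constructed pages."""
    return SAMPLE_PAGES[url]


def demo():
    alerts = fetch_all_alerts(sample_get, list_alerts_url("severity eq 'high'", 2))
    users = pivot_by_user(alerts)
    # alice shows up in alerts from both providers: one investigation, not two.
    url, body = build_alert_patch(alerts[0], status="inProgress",
                                  assignedTo="soc-tier2@contoso.com",
                                  comments=["Correlated with a3 via UPN"])
    return alerts, users, url, body


if __name__ == "__main__":
    alerts, users, url, body = demo()
    print(len(alerts), "alerts;", users)
    print("PATCH", url, json.dumps(body))
```

Because updates are routed through vendorInformation, a PATCH that omits it is rejected; the builder checks for it up front rather than letting the request fail at the service.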

Unlock security context to drive investigation

Dive deep into related security-relevant inventory (such as users, hosts, and apps), then add organizational context from other Microsoft Graph providers (Azure AD, Microsoft Intune, Office 365) to bring business and security context together and improve threat response.

Automate security workflows and reporting

Automate security management, monitoring, and investigations to improve operational efficiency and response times. Get deeper insights and context by integrating Microsoft Graph Security into your reports and dashboards.

Get deep insights to train security solutions

Visualize your data across the different security products running in your organization to get deeper security insights. Discover opportunities to learn from the data and train your security solutions. The schema provides multiple properties to pivot on so you can build rich exploratory datasets from your security data.

Utilize your threat intelligence in Microsoft security solutions (preview)

Automatically send your threat indicators to Microsoft security solutions to enable alert, block, or allow actions. Use the Microsoft Graph Security API directly or take advantage of integrations with leading threat intelligence platforms.
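Indicators are submitted to the preview tiIndicators endpoint, and the service refuses submissions that lack an action, a target product, a threat type, a TLP level, an expiration, or an observable. The following is an added example, not code from the Microsoft Graph documentation, of building such a submission and enforcing those rules before the request leaves your tooling. Property names follow the beta tiIndicator resource; the observable, description and target-product values in the usage are constructed, and the set of observable fields accepted here is a subset of what the resource supports.

```python
"""Added example: build and validate a tiIndicator for
POST https://graph.microsoft.com/beta/security/tiIndicators (preview).
Not code from the Microsoft Graph documentation; sample values are constructed."""
from datetime import datetime, timedelta, timezone

TI_URL = "https://graph.microsoft.com/beta/security/tiIndicators"
# The three actions the page describes; "unknown" is valid but useless here.
ACTIONS = {"alert", "block", "allow"}
# Subset of the observable properties on tiIndicator; one per indicator.
OBSERVABLES = {"networkDestinationIPv4", "networkDestinationIPv6", "domainName",
               "url", "fileHashValue", "emailSenderAddress"}
HASH_TYPES = {"sha1", "sha256", "md5"}
TLP_LEVELS = {"white", "green", "amber", "red"}


def build_ti_indicator(*, action, target_product, threat_type, description,
                       observable, tlp_level="amber", ttl_days=30, now=None):
    """Return (url, body) for a tiIndicator POST, rejecting anything the
    service would refuse or that would never match. `observable` is a dict
    with exactly one observable field (plus fileHashType for hashes)."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}")
    if tlp_level not in TLP_LEVELS:
        raise ValueError(f"tlpLevel must be one of {sorted(TLP_LEVELS)}")
    keys = set(observable) - {"fileHashType"}
    if len(keys) != 1 or not keys <= OBSERVABLES:
        raise ValueError("exactly one observable field is required")
    if "fileHashValue" in keys and observable.get("fileHashType") not in HASH_TYPES:
        raise ValueError("fileHashValue requires a supported fileHashType")
    if ttl_days <= 0:
        raise ValueError("expirationDateTime must be in the future")
    now = now or datetime.now(timezone.utc)
    # Required: without an expiration the indicator never ages out.
    expires = (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = {
        "action": action,
        "targetProduct": target_product,  # product that should enforce the action
        "threatType": threat_type,
        "tlpLevel": tlp_level,
        "description": description,
        "expirationDateTime": expires,
        **observable,
    }
    return TI_URL, body


def demo():
    """Constructed usage: block a phishing URL for 14 days."""
    return build_ti_indicator(
        action="block",
        target_product="Azure Sentinel",
        threat_type="Phishing",
        description="constructed example indicator",
        observable={"url": "http://phish.example.test/login"},
        ttl_days=14,
    )


if __name__ == "__main__":
    url, body = demo()
    print("POST", url, body)
```

Submitting a hash without its fileHashType, or an indicator with two observables, is the usual way these submissions go wrong, so the builder treats both as errors rather than leaving it to the service.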

Act quickly in response to new threats (preview)

Enable swift action to defend against new threats, such as blocking files, URLs, domains, or IP addresses from within your security tools and workflows.

Proactively manage security risks (preview)

Use Microsoft Secure Score (preview) to gain visibility into your organization's security needs, get suggestions for how to improve, and project the improved score after those suggestions are adopted. Measure your progress over time and get insights into the specific changes that raised your score.

Benefits of using the Microsoft Graph Security API

The following table lists the benefits that different kinds of security solutions gain by integrating with the Microsoft Graph Security API.

Area / Benefits

Managed Security Service Providers (MSSPs)
  • Streamlined integration with security operations tools, workflows, and reporting.
  • Reduced deployment and maintenance time and effort.
  • Automated response to alerts by taking action on threats.
  • Ability to deliver more value to MSSP customers.

SIEM and IT risk management solutions
  • Smooth integration with Microsoft security solutions and ecosystem partners.
  • Rich alert metadata.
  • Better alert correlation.

(Threat intelligence, mobile, cloud, IoT, fraud detection, identity & access, risk & compliance, firewall, and so on)
  • Unified threat management, prevention, and risk management across various security solutions.
  • Alerts, actions, and customer threat intelligence exposed through Microsoft Graph.
  • Instant integration with Microsoft Graph-enabled solutions.
  • Deep security insights to train other security solutions.

