Details
Content
Dependencies
Version History

Unified gateway to security insights - all from a unified Microsoft Graph Security API.

Microsoft Graph Security

This pack includes XSIAM content.

Use the Microsoft Graph integration to fetch and manage alerts from various Microsoft security sources, such as:

Azure ATP
Azure Security Center
Microsoft CAS
Azure Active Directory Identity Protection
Azure Sentinel
Microsoft Defender for Endpoint (ATP)

What does this pack do?

Unify and standardize alert tracking
Correlate security alerts to improve threat protection and response
Update alert tags, status, and assignments
Unlock security context to drive investigation
Automate security workflows and reporting
Get deep insights to train security solutions

Microsoft Graph Security

This pack includes XSIAM content.

Pay attention: Timestamp parsing is available for UTC timezone, using the yyyy-mm-ssTHH:MM:SS.3msZ format.

Use the Microsoft Graph integration to fetch and manage alerts from various Microsoft security sources, such as:

Microsoft 365 Defender unified alerts API
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Purview Data Loss Prevention (including any future new signals integrated into M365D).

What does this pack do?

This content XDM mappings are based on the Office 365 integration, in the Graph API section enable alertv2 Doc.
Unify and standardize alert tracking
Correlate security alerts to improve threat protection and response
Update alert tags, status, and assignments
Unlock security context to drive investigation
Automate security workflows and reporting
Get deep insights to train security solutions

Classifiers

Name	Description
Graph Security Alert

Incident Fields

Name	Description
Microsoft Graph Security Detector Id
Microsoft Graph Security Recommended Action
Microsoft Graph Security Alert Determination
Microsoft Graph Security Service Source
Microsoft Graph Security Id
Microsoft Graph Security Comment
Microsoft Graph Security Alert Evidence

Incident Types

Name	Description
Graph Security Alert

Integrations

Name	Description
Microsoft Graph Security	Unified gateway to security insights - all from a unified Microsoft Graph Security API.

Classifiers

Name	Description
Graph Security Alert

Incident Fields

Name	Description
Microsoft Graph Security Alert Determination
Microsoft Graph Security Id
Microsoft Graph Security Comment
Microsoft Graph Security Recommended Action
Microsoft Graph Security Service Source
Microsoft Graph Security Detector Id
Microsoft Graph Security Alert Evidence

Incident Types

Name	Description
Graph Security Alert

Integrations

Name	Description
Microsoft Graph Security	Unified gateway to security insights - all from a unified Microsoft Graph Security API.

Modeling Rules

Name	Description
Microsoft Graph Security Modeling Rules

Parsing Rules

Name	Description
Microsoft Graph Security Parsing Rules

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

2.2.20 - 1669335 (November 19, 2024)

Integrations

Microsoft Graph Security

Fixed an issue in MicrosoftApiModule where the GCC High Defender endpoint was incorrect.

Related pull requests:
- 37253

Download

2.2.19 - 1480610 (October 8, 2024)

Integrations

Microsoft Graph Security

Added infrastructure support for Microsoft Graph Application endpoints.

Related pull requests:
- 36407

Download

2.2.18 - 1244506 (August 5, 2024)

Integrations

Microsoft Graph Security

Updated the MicrosoftApiModule with exchange_online endpoints.

Related pull requests:
- 34917
- 34909
- 34903
- 34906
- 34147
- 34217
- 34908
- 34619
- 34911
- 34823
- 34837
- 34918
- 34816
- 34630
- 34871
- 34767
- 34879
- 34912
- 34840
- 34931
- 34892
- 34920
- 34926
- 34814
- 34811
- 34964
- 34967
- 34979
- 34921
- 34990
- 34896
- 34966
- 34985
- 34983
- 34255
- 34975
- 34999
- 34913
- 35000
- 34990
- 35002
- 34932
- 34862
- 35005
- 34868
- 34977
- 35009
- 34969
- 34591
- 34693
- 34657
- 34671
- 34681
- 34676
- 34672
- 34372
- 34701
- 34660
- 34684
- 34700
- 34702
- 34696
- 34117
- 34704
- 34706
- 34692
- 33735
- 34714
- 34703
- 34353
- 34725
- 34694
- 34734
- 34640
- 34724
- 34652
- 34443
- 34730
- 34653
- 34732
- 34667
- 34709
- 34755
- 34759
- 32423
- 34598
- 34758
- 34745
- 34762
- 34327
- 34742
- 34474
- 34766
- 34774
- 34782
- 34763
- 34756
- 34747
- 34645
- 34532
- 34675
- 34777
- 34788
- 34804
- 34729
- 34796
- 34691
- 34784
- 34783
- 34765
- 34485
- 34768
- 34593
- 34813
- 34818
- 34832
- 34772
- 34830
- 34833
- 34829
- 34834
- 34839
- 34828
- 34388
- 34838
- 34761
- 34858
- 34861
- 34764
- 34738
- 34538
- 34831
- 34748
- 34846
- 34845
- 34864
- 34817
- 34686
- 34865
- 34867
- 34863
- 34880
- 34876
- 34386
- 34881
- 34884
- 34799
- 34827
- 34883
- 34886
- 34512
- 34887
- 34889
- 34877
- 34904
- 34905
- 34909
- 34903
- 34906
- 34147
- 34217
- 34908
- 34619
- 34911
- 34823
- 34837
- 34918
- 34816
- 34630
- 34871
- 34767
- 34879
- 34912
- 34840
- 34931
- 34892
- 34920
- 34926
- 34814
- 34811
- 34964
- 34967
- 34979
- 34921
- 34990
- 34896
- 34966
- 34985
- 34983
- 34255
- 34608
- 35026
- 35029
- 35015
- 35023
- 34776
- 34654
- 34978
- 34986
- 34938
- 34506
- 35011
- 35014
- 34779
- 35019
- 35039
- 34897
- 35049
- 35016
- 35046
- 35051
- 35040
- 34614
- 32477

Download

2.2.17 - 1066075 (June 3, 2024)

Integrations

Microsoft Graph Security

Fixed an issue in where the GCC endpoints were incorrect in the supported integrations.

Related pull requests:
- 34634

Download

2.2.16 - 1051712 (May 28, 2024)

Integrations

Microsoft Graph Security

Added support for Microsoft Defender 365 Endpoint in the Microsoft API Module.
Updated the MicrosoftApiModule to better handle the Authorization Code flow in the supported integrations.

Related pull requests:
- 34495

Download

2.2.15 - 1021616 (May 16, 2024)

Integrations

Microsoft Graph Security

Fixed an issue in MicrosoftApiModule where the GCC endpoints were incorrect.

Related pull requests:
- 34360

Download

2.2.14 - 928769 (April 2, 2024)

Integrations

Microsoft Graph Security

Added support for the following commands:

msg-advanced-hunting - Accepts a query and retrieves 30 days of event data from Microsoft Graph Security.
msg-list-security-incident - Retrieved a list of incident objects to track attacks in an organization.
msg-update-security-incident - Updated the incident with the given ID.

Related pull requests:
- 33413

Download

2.2.13 - 919924 (March 28, 2024)

Integrations

Microsoft Graph Security

Added a timeout value to the retry on rate limit mechanism.

Related pull requests:
- 33413
- 33412

Download

2.2.12 - 891799 (March 14, 2024)

Integrations

Microsoft Graph Security

Documentation and metadata improvements.

Related pull requests:
- 33325

Download

2.2.11 - 860237 (February 29, 2024)

Integrations

Microsoft Graph Security

Added support for the OAuth consent dialog after the user signs in using the msg-generate-login-url command.

Related pull requests:
- 31942

Download

2.2.10 - 854016 (February 26, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 33049

Download

2.2.9 - 851225 (February 25, 2024)

Integrations

Microsoft Graph Security

Updated the purge_areas and purge_type arguments of the msg-purge-ediscovery-data command to include only the purgeType and purgeAreas options supported by Microsoft.

Related pull requests:
- 33054

Download

2.2.8 - 841209 (February 20, 2024)

Integrations

Microsoft Graph Security

Updated the documentation for the msg-update-alert command to include only the determination and classification options supported by Microsoft.
Updated the Docker image to: demisto/crypto:1.0.0.87358.

Related pull requests:
- 32983

Download

2.2.7 - 807749 (February 5, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 32702

Download

2.2.6 - 7087775 (December 6, 2023)

Integrations

Microsoft Graph Security

Added support for threat assessment functionality to help organizations assess the threat received by any user in a tenant.
Updated the Docker image to: demisto/crypto:1.0.0.82826.

Related pull requests:
- 30110

Download

2.2.5 - 6735458 (October 29, 2023)

Integrations

Microsoft Graph Security

Fixed an issue where the test button could not test the service_sources.

Related pull requests:
- 30482

Download

2.2.4 - R6592021 (October 13, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 29797

Download

2.2.3 - 6226805 (September 3, 2023)

Integrations

Microsoft Graph Security

Added a moderate retry mechanism for the authorization HTTP request through oproxy.

Related pull requests:
- 29015

Download

2.2.2 - 6170593 (August 28, 2023)

Integrations

Microsoft Graph Security

Added an infrastructure support for Microsoft Graph Application Endpoints.

Related pull requests:
- 28801

Download

2.2.1 - 6133197 (August 23, 2023)

Integrations

Microsoft Graph Security

Fixed an issue where instances using version 2.1.28 of the pack could have authentication issues.

Related pull requests:
- 29173

Download

2.2.0 - 6122748 (August 22, 2023)

Integrations

Microsoft Graph Security

Added the following commands to support Microsoft Purview eDiscovery.

msg-create-ediscovery-case
msg-update-ediscovery-case
msg-close-ediscovery-case
msg-reopen-ediscovery-case
msg-delete-ediscovery-case
msg-list-ediscovery-cases
msg-create-ediscovery-custodian
msg-list-ediscovery-custodians
msg-activate-ediscovery-custodian
msg-release-ediscovery-custodian
msg-apply-hold-ediscovery-custodian
msg-remove-hold-ediscovery-custodian
msg-create-ediscovery-custodian-site-source
msg-create-ediscovery-custodian-user-source
msg-list-ediscovery-custodian-site-sources
msg-list-ediscovery-custodian-user-sources
msg-create-ediscovery-non-custodial-data-source
msg-list-ediscovery-non-custodial-data-sources
msg-create-ediscovery-search
msg-update-ediscovery-search
msg-delete-ediscovery-search
msg-list-ediscovery-searchs
msg-purge-ediscovery-data
msg-auth-test
msg-generate-login-url

Related pull requests:
- 27562

Download

2.1.28 - 6106826 (August 21, 2023)

Integrations

Microsoft Graph Security

Fixed an issue where changes made to the Authorization code parameter were not being reflected in the integration code, resulting in the continued use of the first parameter.

Related pull requests:
- 29035
- 29173

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	August 25, 2020
Last Release	November 19, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.