qradar removed?

Answers

  • Microsoft has built a new data connector for Splunk and is working with QRadar to support native integration of Microsoft Graph Security alerts, so that they are available in QRadar and enable the SIEM integration scenarios with the Microsoft Graph Security API.

    The earlier approach of streaming Microsoft Graph Security API alerts into Splunk and QRadar using Azure Monitor has the following limitations:

    1. Lack of parity in the security data providers supported through the Azure Monitor pipe for Graph Security alerts vs. a direct integration using a connector.
    2. Parity in the alert data available through that pipeline. There are lots of issues with alerts missing alert property information when they come through the Azure Monitor pipe for Graph Security alerts.

    To minimize dependencies on the Azure Monitor pipe for streaming Microsoft Graph Security alerts, Microsoft has replaced the documentation with the Splunk add-on for streaming Graph Security API alerts into Splunk, and should have QRadar native integration supported in the next few months as well.

    Hope this helps!

    Thursday, September 12, 2019 4:20 AM