
Does RSA support collecting from this MS API?

Question asked by Renee Russell on Apr 3, 2019

The API we are being asked to get data from is:

GET https://graph.microsoft.com/v1.0/security/alerts

I see documented that these are supported:

Office365

  • Audit.AzureActiveDirectory
  • Audit.Exchange
  • Audit.SharePoint
  • Audit.General (includes all other workloads not included in the previous content types)
  • DLP.All (DLP events only for all workloads)

Azure

  • azureaudit: collects management logs
  • azure_ad_signin: collects Active Directory sign-in logs
  • azure_ad_audit: collects Active Directory audit logs

I do not seem to have visibility into what these are collecting, so I have no idea what they talk to, and I am being asked to provide a feasibility assessment for collecting from that API. I have spent days trying to tease out this answer and cannot. Would anyone be able to say if and where this API can be called?
