Microsoft Graph Security
You can now easily send indicators to products like Microsoft Defender ATP (Advanced Threat Protection) and Azure Sentinel using the Microsoft Graph Security Threat Indicators Playbook App or Job App. The Job App allows you to send thousands of indicators in bulk, whereas the Playbook App sends them tactically. ThreatConnect helps to increase accuracy and efficiency in your organization by ensuring that only high-fidelity indicators are sent to Microsoft Graph, which passes them along to products like Microsoft Defender ATP and Azure Sentinel. Once indicators have made it to these products, you can set up alerts and block actions for them. When alerts are generated based on intelligence from ThreatConnect, you can be confident in making fast and informed decisions. Below are the apps and use cases:
- Microsoft Graph Security Alerts – List, Get and Update Graph Security Alerts.
- Microsoft Graph Security Threat Indicators – Enables users to send Indicators from ThreatConnect into Microsoft Graph Security for alerting and blocking with target products like Azure Sentinel and Microsoft Defender ATP. Tens of thousands of indicators can be sent in bulk from ThreatConnect into Sentinel. The integration supports the Indicator types Address, Host, CIDR, URL, User Agent, Email Address, Email Subject, and File (MD5, SHA1, and SHA256), along with the relevant context for each Indicator type.
These apps can be found in the ThreatConnect App Catalog under the following names: Microsoft Graph Security Threat Indicators and Microsoft Graph Security Alerts.