Microsoft graph security alerts
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when a Microsoft security product sends an alert to the Microsoft Graph security API.
Strategy
Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the data in Microsoft 365, Windows, and Enterprise Mobility + Security. This detection identifies when an alert from a Microsoft security product is raised and queried through the Microsoft Graph security API.
Triage and response
- Investigate the alert to determine if it is malicious or benign.
- If the alert is deemed malicious, follow any recommended actions provided by Microsoft on the alert and also any internal incident response processes.
- If the alert is benign, consider including the user, host, or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
