Microsoft Graph security alerts

This rule is part of a beta feature. To learn more, contact Support.
microsoft-graph

Classification:

attack


Goal

Detect when a Microsoft security product sends an alert to the Microsoft Graph security API.

Strategy

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the large amount of data in Microsoft 365, Windows, and Enterprise Mobility + Security. This detection identifies when an alert from a Microsoft security product is raised and queried through the Microsoft Graph security API.

What happened

{{@triggering_event.description}}

Triage and response

{{@triggering_event.recommendedActions}} If the alert is benign, consider including the user, host, or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
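The flow described in Strategy (an alert raised by a Microsoft security product and read through the Graph security API) and the suppression step above, as an added example that is not part of the Datadog rule or of any Microsoft SDK. The two alert payloads are constructed; their field names (`userStates[].userPrincipalName`, `hostStates[].fqdn`, `networkConnections[].sourceAddress`, `vendorInformation.provider`, `severity`) are assumed to follow the shape of Graph `security/alerts` objects, and only `description` and `recommendedActions` are taken from this page. The code normalizes each alert into the entities a responder needs for triage and applies a conservative suppression rule: an alert is suppressed only when every user, host and IP it references is already on the suppression list, so a single unfamiliar entity still surfaces the alert.

```python
"""Normalize Microsoft Graph security alerts for triage and suppression review.

Added example, not Datadog's rule logic or Microsoft code. The sample alerts below
are constructed; field names are an assumption about the Graph alert schema.
"""
from dataclasses import dataclass, field

# Constructed sample alerts (assumption: keys mirror Graph security alert objects).
SAMPLE_ALERTS = [
    {
        "id": "example-alert-0001",
        "title": "Example: sign-in from unfamiliar location",
        "description": "Sign-in from an unfamiliar location.",
        "recommendedActions": "Confirm the sign-in with the user and review MFA status.",
        "severity": "medium",
        "status": "newAlert",
        "vendorInformation": {"provider": "ExampleProvider", "vendor": "Microsoft"},
        "userStates": [{"userPrincipalName": "alice@example.com"}],
        "hostStates": [{"fqdn": "host01.example.com"}],
        "networkConnections": [{"sourceAddress": "203.0.113.10"}],
    },
    {
        "id": "example-alert-0002",
        "title": "Example: credential dumping tool observed",
        "description": "A known credential dumping tool was executed.",
        "recommendedActions": "Isolate the host and reset affected credentials.",
        "severity": "high",
        "status": "newAlert",
        "vendorInformation": {"provider": "ExampleProvider", "vendor": "Microsoft"},
        "userStates": [],
        "hostStates": [{"fqdn": "host02.example.com"}],
        "networkConnections": [],
    },
]

# Graph severity values, ranked for triage ordering.
SEVERITY_RANK = {"unknown": -1, "informational": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class TriageRecord:
    alert_id: str
    severity: str
    provider: str
    description: str
    recommended_actions: str
    users: list[str] = field(default_factory=list)
    hosts: list[str] = field(default_factory=list)
    ips: list[str] = field(default_factory=list)


def _collect(items, key):
    """Return the non-empty string values of `key` from a list of dicts, de-duplicated, order kept."""
    seen = []
    for item in items or []:
        value = item.get(key)
        if isinstance(value, str) and value and value not in seen:
            seen.append(value)
    return seen


def normalize_alert(alert: dict) -> TriageRecord:
    """Flatten one Graph-style alert into the fields a responder needs (missing keys tolerated)."""
    vendor = alert.get("vendorInformation") or {}
    return TriageRecord(
        alert_id=str(alert.get("id", "")),
        severity=str(alert.get("severity", "unknown")).lower(),
        provider=str(vendor.get("provider", "")),
        description=alert.get("description") or "",
        recommended_actions=alert.get("recommendedActions") or "",
        users=_collect(alert.get("userStates"), "userPrincipalName"),
        hosts=_collect(alert.get("hostStates"), "fqdn"),
        ips=_collect(alert.get("networkConnections"), "sourceAddress"),
    )


def is_suppressed(record: TriageRecord, suppression: dict) -> bool:
    """Suppress only when every entity on the alert is listed; an alert with no entities is never suppressed."""
    present = [(kind, vals) for kind, vals in
               (("users", record.users), ("hosts", record.hosts), ("ips", record.ips)) if vals]
    if not present:
        return False
    return all(v in suppression.get(kind, set()) for kind, vals in present for v in vals)


def triage_order(records):
    """Highest severity first; unknown severities sink to the bottom."""
    return sorted(records, key=lambda r: SEVERITY_RANK.get(r.severity, -1), reverse=True)


if __name__ == "__main__":
    # Constructed suppression list covering only the first alert's entities.
    suppression = {"users": {"alice@example.com"}, "hosts": {"host01.example.com"}, "ips": {"203.0.113.10"}}
    for rec in triage_order(normalize_alert(a) for a in SAMPLE_ALERTS):
        state = "suppressed" if is_suppressed(rec, suppression) else "open"
        print(f"[{rec.severity}] {rec.alert_id} ({state}): {rec.description} -> {rec.recommended_actions}")
```

Because `is_suppressed` requires every referenced entity to be listed, adding just a user to the list does not silence alerts that also name a host or IP not yet reviewed; extend the list per entity type as each one is confirmed benign.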