The Microsoft Graph Security API simplifies integration with Microsoft and third-party security solutions. Using one endpoint, one software development kit (SDK), one schema, and one authentication mechanism, you can easily build integrated security applications, workflows, and analytics.
Benefits for Managed Security Service Providers
A security operations center (SOC) can leverage Microsoft Security Graph to achieve the use cases listed below:
- Standardize alert tracking with security solution integrations: Using API connectors, stream alerts to Security Information and Event Management (SIEM), SOAR, automation, and reporting solutions.
- Correlate security alerts to improve threat protection and response: Correlate alerts across security solutions more easily with a unified alert schema, and enrich alerts with asset and user information, enabling faster response to threats and asset protection.
- Update alert tags, status, and assignments: Tag alerts with additional context or threat intelligence to inform response and remediation. Keep alert status and assignments in sync so that all integrated solutions reflect the current state. Use webhook subscriptions to get notified of changes.
- Unlock security context to drive investigation: Dive deep into related security-relevant inventory (like users, hosts, and apps), then add organizational context from other Microsoft Graph providers (Azure AD, Microsoft Intune, Office 365) to bring business and security contexts together and improve threat response.
Security operations teams can enhance their services with the Microsoft Security Graph API and provide the following benefits to organizations:
- Streamlined integration with security operations tools, workflows, and reporting.
- Reduced deployment and maintenance time and effort.
- Automated response to alerts by taking action on threats.
- Ability to deliver more value to MSSP customers.
- Smooth integration with Microsoft security solutions and ecosystem partners.
- Rich alert metadata.
- Better alert correlation.
- Unified threat management, prevention, and risk management across various security solutions.
- Alerts, actions, and customer threat intelligence exposed through Microsoft Graph.
- Instant integration with Microsoft Graph-enabled solutions.
- Deep security insights to train other security solutions.
Security operations (SOC) teams can mash up the Microsoft Graph Security connector with the 200+ Microsoft and non-Microsoft connectors available for Azure Logic Apps, Flow, and PowerApps to build end-to-end scenarios based on their requirements.