Use Microsoft Graph to correlate multiple security alerts in order to improve threat protection and response
"The security API not only allows us to receive actionable alert information but also allows our security analysts to pivot and enrich alerts with asset and user information."
Use one API to access security alerts from Microsoft and partners
Calls to the Security API are federated to all supported Microsoft security products, services, and partners. The results are aggregated into a common schema, which makes it easier to correlate alerts from multiple sources. By connecting and enriching alerts, you can more easily understand the scope and impact of an attack. When investigating a specific threat, query for all alerts pertaining to specific users, devices, files, or even command lines; or use webhook subscriptions to be notified whenever a new alert matching your search criteria is created or updated.
Update alert tags, status, and assignments
Tag alerts with additional context or threat intelligence to inform response and remediation. Capture comments and feedback on alerts so they are visible across all integrated workflows. Keep alert status and assignments in sync so that every integrated solution reflects the current state. Use webhook subscriptions to get notified of changes.
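As an added illustration of the two sections above (not code from the page or from Microsoft), the following Python shows the three operations the text describes against the Graph security alert schema: building an OData $filter for GET /security/alerts that selects alerts by user or host, correlating alerts from different providers by user in one pass over the common schema, and assembling a PATCH /security/alerts/{id} body that updates status, assignment, tags or comments while echoing the alert's vendorInformation. The alerts, provider names and user/host values are constructed sample data; the any() filter clauses assume the standard OData lambda syntax on the userStates and hostStates collections, and no HTTP calls are made.

```python
"""Correlate alerts returned by GET /security/alerts and build PATCH bodies for them."""
from collections import defaultdict

SEVERITY_RANK = {"unknown": -1, "informational": 0, "low": 1, "medium": 2, "high": 3}

# Constructed sample alerts in the Graph 'alert' schema; not real tenant data.
SAMPLE_ALERTS = [
    {"id": "alert-001", "title": "Suspicious sign-in", "severity": "medium", "status": "newAlert",
     "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@contoso.example"}], "hostStates": []},
    {"id": "alert-002", "title": "Malware detected", "severity": "high", "status": "newAlert",
     "vendorInformation": {"provider": "Windows Defender ATP", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@contoso.example"}],
     "hostStates": [{"fqdn": "ws01.contoso.example"}]},
    {"id": "alert-003", "title": "Anomalous download", "severity": "low", "status": "inProgress",
     "vendorInformation": {"provider": "MCAS", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "bob@contoso.example"}], "hostStates": []},
]

def _q(s):  # OData string literal: a single quote is escaped by doubling it
    return s.replace("'", "''")

def alert_filter(upn=None, fqdn=None):
    """OData $filter selecting alerts that involve a given user and/or host (assumed lambda syntax)."""
    clauses = []
    if upn:
        clauses.append(f"userStates/any(u:u/userPrincipalName eq '{_q(upn)}')")
    if fqdn:
        clauses.append(f"hostStates/any(h:h/fqdn eq '{_q(fqdn)}')")
    return " and ".join(clauses)

def correlate_by_user(alerts):
    """Group alerts from every provider by userPrincipalName; the common schema makes this one pass."""
    view = defaultdict(lambda: {"alert_ids": [], "providers": set(), "hosts": set(), "max_severity": "unknown"})
    for a in alerts:
        for u in a.get("userStates", []):
            entry = view[u["userPrincipalName"]]
            entry["alert_ids"].append(a["id"])
            entry["providers"].add(a["vendorInformation"]["provider"])
            entry["hosts"].update(h["fqdn"] for h in a.get("hostStates", []) if h.get("fqdn"))
            if SEVERITY_RANK.get(a["severity"], -1) > SEVERITY_RANK[entry["max_severity"]]:
                entry["max_severity"] = a["severity"]
    return {k: {**v, "providers": sorted(v["providers"]), "hosts": sorted(v["hosts"])} for k, v in view.items()}

def alert_patch(alert, status=None, assigned_to=None, tags=None, comments=None):
    """Body for PATCH /security/alerts/{id}: only the fields being changed, plus the required vendorInformation."""
    body = {"vendorInformation": {"provider": alert["vendorInformation"]["provider"],
                                  "vendor": alert["vendorInformation"]["vendor"]}}
    for key, val in (("status", status), ("assignedTo", assigned_to), ("tags", tags), ("comments", comments)):
        if val is not None:
            body[key] = val
    return body
```

The returned filter string goes in the request's $filter query parameter, and the PATCH body is sent as JSON with an application/json content type.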