Hi @Gaurav Saxena,
To integrate Microsoft Defender for Endpoint with QRadar, you can use the Microsoft Defender for Endpoint APIs to fetch various security alerts and incidents.
Here's a high-level overview of how to do this:
- Use QRadar's Log Source Management tool to create a new log source.
- Select Microsoft Defender ATP from the list of log source types.
- Enter the required credentials for your Microsoft Defender ATP instance.
- Configure the log source parameters, such as the polling interval.
- Save the configuration.
You can also use the QRadar REST API to automate this process.
Here's a link to the Microsoft Defender for Endpoint API documentation: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp
And here's a link to the QRadar REST API documentation: https://www.ibm.com/docs/en/qradar/7.3.3?topic=api-restful-apis
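As an added example (not code from the answer above, Microsoft or IBM), here is the API route the answer mentions in Python: authenticate with an app registration, poll only alerts newer than the last run, and render each one as a LEEF event QRadar can parse. The endpoints, alert field names and severity mapping are assumptions drawn from public documentation, and the sample alert is constructed.

```python
import json
import urllib.parse
import urllib.request

# Endpoints per the linked Defender for Endpoint API docs (assumed, not stated in the answer).
RESOURCE = "https://api.securitycenter.microsoft.com"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
ALERTS_URL = RESOURCE + "/api/alerts"
# Defender severity -> LEEF 'sev' (1-10); the mapping is an assumption.
SEVERITY_MAP = {"Informational": 1, "Low": 3, "Medium": 5, "High": 8}

def get_token(tenant_id, app_id, app_secret):
    """OAuth2 client-credentials flow for the app registration the docs describe."""
    body = urllib.parse.urlencode({"resource": RESOURCE, "client_id": app_id,
                                   "client_secret": app_secret,
                                   "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant_id), data=body)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def fetch_alerts(token, since_iso):
    """Only alerts created after the last poll, so repeated polls do not duplicate events."""
    query = urllib.parse.urlencode({"$filter": f"alertCreationTime gt {since_iso}"})
    req = urllib.request.Request(f"{ALERTS_URL}?{query}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["value"]

def leef_escape(value):
    """Tab is the attribute delimiter; a newline would split the syslog message."""
    return str(value).replace("\t", " ").replace("\n", " ")

def alert_to_leef(alert):
    """LEEF 2.0 header: LEEF:2.0|Vendor|Product|Version|EventID|delimiter|attrs."""
    fields = {
        "devTime": alert["alertCreationTime"][:19],  # drop the 7-digit fraction and 'Z'
        "devTimeFormat": "yyyy-MM-dd'T'HH:mm:ss",
        "sev": SEVERITY_MAP.get(alert.get("severity"), 5),
        "cat": alert.get("category", "Unknown"),
        "identHostName": alert.get("computerDnsName", ""),
        "msg": alert.get("title", ""),
    }
    attrs = "\t".join(f"{k}={leef_escape(v)}" for k, v in fields.items())
    return f"LEEF:2.0|Microsoft|Defender for Endpoint|1.0|{alert['id']}|x09|{attrs}"

# Constructed sample shaped like one element of the alerts API 'value' array.
SAMPLE_ALERT = {
    "id": "da637000000000000000_-1", "severity": "High", "category": "Execution",
    "title": "Suspicious PowerShell\ncommand line",
    "alertCreationTime": "2024-03-01T12:34:56.1234567Z", "computerDnsName": "ws01.contoso.example",
}
```

Send the returned LEEF line over syslog to the QRadar event collector, or compare it against what the built-in Defender ATP log source ingests to confirm field mapping before automating the poll.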