Security solution integrations using the Microsoft Graph Security API
You can connect with the Microsoft Graph Security API using any of the following options. These options enable you to work with data in a unified format across supported Microsoft and partner security providers through a single integration:
- Use the supported integration options: Refer to the list of supported integration options such as writing code to directly connect your application to derive rich insights.
- Use native integrations and connectors built by Microsoft partners: Refer to the Microsoft Graph Security API partner solutions to use these integrations.
- Use connectors built by Microsoft: Refer to the list of connectors that you can use to connect with the API through a variety of solutions for Security Incident and Management (SIEM), Security Response and Orchestration (SOAR), Incident Tracking and Service Management (ITSM), reporting, and so on.
List of connectors from Microsoft
| Solution type | Name | Connector | Announcement |
|---|---|---|---|
| SIEM | Splunk Enterprise and Splunk Cloud | Microsoft Graph Security API Add-On for Splunk | Blog post Splunk on Cloud blog post |
| SIEM | QRadar | Microsoft Graph Security API Protocol and supported QRadar DSMs | - |
| ITSM | ServiceNow | Microsoft Graph Security API alert ingestion integration | - |
| SOAR | Azure Logic Apps / Microsoft Flow | Microsoft Graph Security connector for Azure Logic Apps, Microsoft Flow and Power Apps | Blog post |
| Automation | PowerShell module | Microsoft Graph Security PowerShell Module | Blog post |
| Reporting | Power BI | Microsoft Graph Security connector for Power BI | Blog post |
If you would like to support native integrations in your solution or be a data provider for the Microsoft Graph Security API, review the partnership opportunities.