- Microsoft identity context to Red Canary detections to quickly understand the full scope of confirmed threats and accelerate investigation and remediation.
To get started, integrate Defender for Identity and Azure AD Identity Protection alerts into Red Canary by enabling the Microsoft Graph API alert source in the Alert Sources section of the Red Canary Portal.
Once this integration is enabled, Red Canary’s Security Operations Platform will analyze every Defender for Identity and Azure AD Identity Protection alert, integrating relevant alerts into Confirmed Threat detection timelines.
Relevant alerts appear in chronological order within the detection timeline. Alerts from these and other sources that are not related to a detection are available in the External Alerts section of the Red Canary portal for your review. (Available to all customers 9/15/21.)
- All Microsoft 365 Defender alerts can be integrated into the Red Canary Security Operations Platform via the Microsoft Graph API integration. Once the Microsoft Graph API alert source is configured, Red Canary collects alerts from the following workloads:
- Microsoft Defender for Identity
- Azure AD Identity Protection
- Microsoft Cloud App Security
- Defender for Office 365
- Each workload can be enabled/disabled individually.
- Fixed an error encountered when configuring webhooks for automated Teams messages in Red Canary playbooks. Valid webhooks can now be configured in Red Canary and used to send messages automatically via Microsoft Teams.