This article leads you through the process of integrating Microsoft Graph v2 with Red Canary. Follow the procedure from beginning to end.
- Azure Active Directory Identity Protection v2
- Microsoft 365 Defender v2
- Microsoft Defender for Cloud Apps v2
- Microsoft Defender for Endpoint v2
- Microsoft Defender for Identity v2
- Microsoft Defender for Office 365 v2
Step 1: Red Canary–Input your Microsoft Graph v2 information
Enter your Microsoft Azure information into Red Canary to start sending your alerts.
- From the Red Canary homepage, click Integrations, and then click Alert Sources.
- In the search bar, type and select Microsoft Graph v2.
- To configure your new alert source, scroll down and click Microsoft Graph v2.
- Click Edit Configuration.
- Enter a Name for your external alert source.
- Select a Display Category. The display category only helps you distinguish, at a glance, where a product fits into your environment. It does not affect the configuration.
- Under the Ingest Format/Method dropdown, select Microsoft Graph v2 via API Poll.
- Enter your Microsoft Tenant ID.
- Click Save Configuration.
- Click Edit Configuration.
- Under the Permissions section, click the Microsoft consent link.
Step 2: Microsoft Graph v2–Grant Red Canary access to Microsoft Graph v2
Confirm that the Red Canary enterprise application has been configured in your Microsoft Graph v2 account.
- Log in using a Global Admin account for the tenant that you want to integrate with Red Canary.
- Click Accept.
Note: For more information about Microsoft permissions, click here.
Step 3: Red Canary–Activate your Microsoft Graph v2 alert source
Enable your new Microsoft Graph v2 alert source in Red Canary.
- From the Red Canary homepage, click Integrations, and then click Alert Sources.
- Click Microsoft Graph v2.
- Click Edit Configuration.
- With all of the required permission settings completed, select Confirm Microsoft Microsoft Graph v2 API Access Granted.
- Click Save Configuration.
- Click Edit Configuration.
- Click Activate.
Note: When you activate a Graph v2 alert source, any prior legacy versions of these APIs are automatically disabled. They are kept in a disabled state because there is an active issue with External Alert Source deletion. When deleting an External Alert Source, note that all Alerts and data associated with that source will be removed as well. Red Canary recommends keeping legacy sources in a disabled state to retain any data of interest.