Table of Contents | ||||
---|---|---|---|---|
|
...
Anchor | ||||
---|---|---|---|---|
|
Alerts are potential security issues within a customer's tenant that Microsoft or partner security solutions have identified and flagged for action or notification. With the Microsoft Graph alerts entity, you can unify and streamline management of security issues across all integrated solutions.
Alerts Security Providers:
...
Currently, the Microsoft Graph collector generates security activities for these resources. The collector processes the Microsoft Graph responses and sends them to the Devo platform, which will categorize all the information received on tables along rows and columns on your Devo domain.
Microsoft Graph resources
Listed in the table below are the application names, details, and how the Devo platform treats the data and to which tables sends it:
Application name | Details | Devo data tables |
---|---|---|
alerts | Represents potential security issues within a customer's tenant that Microsoft or partner security solutions have identified. Use alerts to unify and streamline security issue management across all integrated solutions. |
|
secureScore | Represents a tenant's secure score per day of scoring data, at the tenant and control level. By default, 90 days of data is held. |
|
secureScoreControlProfile | Represents a tenant's secure score per control data. By default, it returns all controls for a tenant and can explicitly pull individual controls. |
|
...
Rw ui tabs macro | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.
This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.
The following directory structure should be created for being used when running the Microsoft Graphcollector:
In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in
In the config-msgraph.yaml file, replace the
Download the Docker imageThe collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:
Use the following command to add the Docker image to the system:
The Docker image can be deployed on the following services:
DockerExecute the following command on the root directory
Docker ComposeThe following Docker Compose file can be used to execute the Docker container. It must be created in the
To run the container using docker-compose, execute the following command from the
|
...