Hi Guys,
Is there an integration for Microsoft Defender XDR available in the SOAR Marketplace?
Hey,
You can use ATP and 365 for this, or, if you also have Azure Sentinel active, you could transfer all alerts to Sentinel and then to SOAR, which works with analytic rules from Sentinel and the default rules from Defender ATP / Defender for Endpoint.
Then you just need a playbook that handles the different Detection Sources or the Incident from Azure Sentinel.
Regards,
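The routing step described in the reply above (one playbook that branches on the detection source), as an added example that is not part of the original post and not Chronicle SOAR's own code. It accepts either a Microsoft 365 Defender alert or a Microsoft Sentinel incident and picks a playbook per product. The field names (`serviceSource` on Graph security alerts, `properties.additionalData.alertProductNames` on Sentinel REST incidents) follow the public Microsoft schemas but are assumptions here, and the playbook names and the sample events are constructed for illustration.

```python
"""Pick a SOAR playbook from a Microsoft Defender alert or a Sentinel incident.

Added example. Field names follow the public Microsoft schemas as an assumption;
playbook names and sample events below are constructed, not real.
"""
from typing import Any, Dict, List

# Product names are normalized to lowercase with all whitespace removed, so the
# Graph value "microsoftDefenderForEndpoint" and Sentinel's product name
# "Microsoft Defender for Endpoint" collapse to the same key.
PLAYBOOK_BY_SOURCE: Dict[str, str] = {
    "microsoftdefenderforendpoint": "Defender_Endpoint_Triage",
    "microsoftdefenderadvancedthreatprotection": "Defender_Endpoint_Triage",  # legacy MDATP name
    "microsoftdefenderforoffice365": "Defender_O365_Triage",
    "office365advancedthreatprotection": "Defender_O365_Triage",  # legacy name (assumed)
    "microsoftdefenderforidentity": "Defender_Identity_Triage",
    "azureadvancedthreatprotection": "Defender_Identity_Triage",  # legacy name (assumed)
    "azuresentinel": "Sentinel_Analytic_Rule_Triage",
    "microsoftsentinel": "Sentinel_Analytic_Rule_Triage",
}
DEFAULT_PLAYBOOK = "Manual_Review"  # hypothetical fallback for unknown sources


def _normalize(name: str) -> str:
    """Lowercase and drop all whitespace so product names from both APIs compare equal."""
    return "".join(name.lower().split())


def sources_of(event: Dict[str, Any]) -> List[str]:
    """Return the product/detection source names carried by the event.

    Two shapes are handled:
      * Graph security alert (Microsoft 365 Defender): top-level "serviceSource".
      * Sentinel incident (Azure REST): properties.additionalData.alertProductNames,
        which lists every product whose alerts were fused into the incident.
    """
    if "serviceSource" in event:
        return [str(event["serviceSource"])]
    props = event.get("properties", {})
    names = props.get("additionalData", {}).get("alertProductNames", [])
    return [str(n) for n in names]


def route(event: Dict[str, Any]) -> List[str]:
    """Map each source to a playbook, deduplicated, in the order the sources appear.

    A Sentinel incident can carry alerts from several products, so the result is a
    list; an event with no recognizable source falls back to DEFAULT_PLAYBOOK.
    """
    playbooks: List[str] = []
    for src in sources_of(event):
        playbook = PLAYBOOK_BY_SOURCE.get(_normalize(src))
        if playbook and playbook not in playbooks:
            playbooks.append(playbook)
    return playbooks or [DEFAULT_PLAYBOOK]


# Constructed sample events (not real alert data).
SAMPLE_M365_ALERT: Dict[str, Any] = {
    "id": "da637551227677560813_-961444813",
    "title": "Suspicious PowerShell command line",
    "severity": "high",
    "serviceSource": "microsoftDefenderForEndpoint",
    "detectionSource": "antivirus",
}

SAMPLE_SENTINEL_INCIDENT: Dict[str, Any] = {
    "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    "properties": {
        "title": "Multi-stage incident on host WS01",
        "severity": "Medium",
        "additionalData": {
            "alertProductNames": [
                "Microsoft Defender Advanced Threat Protection",
                "Azure Sentinel",
            ]
        },
    },
}


if __name__ == "__main__":
    print(route(SAMPLE_M365_ALERT))        # ['Defender_Endpoint_Triage']
    print(route(SAMPLE_SENTINEL_INCIDENT)) # ['Defender_Endpoint_Triage', 'Sentinel_Analytic_Rule_Triage']
    print(route({}))                       # ['Manual_Review']
```

The normalization is what makes the single-integration approach workable in practice: Sentinel reports products by display name while the Defender API reports a camelCase enum, and the legacy "Advanced Threat Protection" names still show up on older incidents, so keying on a normalized string avoids a separate branch per API.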
Hi VictorSOAR,
There are multiple Microsoft Defender integrations in the SOAR marketplace to meet your needs:
https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-defender-atp
https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-365-defender
https://cloud.google.com/chronicle/docs/soar/marketplace-integrations
Hope this helps.
Thanks @Ben_T for your response,
Yes, I noticed these integrations are available in the marketplace. However, I was specifically looking for an integration tailored to Microsoft Defender XDR. I couldn't find one for XDR, so I was wondering if any of the available Defender integrations also cover XDR?
I'm not a Microsoft expert, but my understanding is that Microsoft XDR is a broader security platform that extends visibility and context across attack surfaces/products like Microsoft Defender for Endpoint (ATP) and Microsoft Defender for Office 365.
Think of it this way:
Thanks @Ben_T for more clarity
Thanks @gsec. Will try the 365 integration for XDR.