This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Microsoft Defender XDR integration

Posted on 09-12-2024 06:05 AM
VictorSOAR
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi Guys,

Is there an integration for Microsoft Defender XDR available in the SOAR Marketplace?

Solved Solved
1 6 894
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
gsec
Bronze 5
Bronze 5
In response to VictorSOAR
Reply posted on --/--/---- --:-- AM

Hey,

you can use ATP and 365 for this or if you have also Azure Sentinel active you could transfer all alerts to Sentinel and then to SOAR that works with analytic rules from Sentinel and the default Rules from Defender ATP / Defender for Endpoint.

Then you just need a playbook that handle the different Detection Source or the Incident from Azure Sentinel.

Regards,

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
Ben_T
Staff
Reply posted on --/--/---- --:-- AM

Hi VictorSOAR,

There are multiple Microsoft Defender integrations in the SOAR marketplace to meet your needs:

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-defender-atp

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-365-defender

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations

Hope this helps.

 

Jump to Solution

Posted on --/--/---- --:-- AM
VictorSOAR
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Thanks @Ben_T  for your response,

Yes, I noticed these integrations are available in the marketplace. However, I was specifically looking for an integration tailored to Microsoft Defender XDR. I couldnโ€™t find one for XDR, so I was wondering if any of the available Defender integrations also cover XDR?

Jump to Solution

Posted on --/--/---- --:-- AM
Ben_T
Staff
In response to VictorSOAR
Reply posted on --/--/---- --:-- AM

I'm not a Microsoft expert, but my understanding is that Microsoft XDR is a broader security platform that extends visibility and context across attack surfaces/products like Microsoft Defender for Endpoint(ATP) and Microsoft Defender for Office 365.

Think of it this way:

  • MDE is like a security guard protecting a single building (your endpoints).
  • Microsoft XDR is like a network of security cameras and sensors monitoring the entire city (endpoints, email, etc), with MDE being one of the cameras focused on a crucial area.
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
VictorSOAR
Bronze 2
Bronze 2
In response to Ben_T
Reply posted on --/--/---- --:-- AM

Thanks @Ben_T  for more clarity

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
gsec
Bronze 5
Bronze 5
In response to VictorSOAR
Reply posted on --/--/---- --:-- AM

Hey,

you can use ATP and 365 for this or if you have also Azure Sentinel active you could transfer all alerts to Sentinel and then to SOAR that works with analytic rules from Sentinel and the default Rules from Defender ATP / Defender for Endpoint.

Then you just need a playbook that handle the different Detection Source or the Incident from Azure Sentinel.

Regards,

Jump to Solution

Posted on --/--/---- --:-- AM
VictorSOAR
Bronze 2
Bronze 2
In response to gsec
Reply posted on --/--/---- --:-- AM

Thanks @gsec . will try 365 integration for XDR

Jump to Solution
0 Likes
Top Solution Authors
View all