Microsoft Defender for Endpoint (aka ATP)
Overview
Microsoft Defender for Endpoint is a cloud-based enterprise-grade security platform that offers advanced threat detection and response capabilities. It offers real-time monitoring, threat analytics, and automated remediation services that enable users to manage assets in their security environment.
Available Integrations
| Service | Supported Asset Type(s) | Integration Type |
|---|---|---|
| Microsoft Defender for Endpoint – Devices | Devices | Source |
| Microsoft Defender for Endpoint – Software | Software | Source |
| Microsoft Defender for Endpoint – Vulnerabilities | Vulnerabilities | Source |
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
- Configure the Access Schema: Configure the plugin with the required fields.
Client ID and Secret
| Field | Description | Example |
|---|---|---|
Client ID* | The unique ID (aka client id) of the app created for access. | 00000000-0000-0000-0000-000000000000 |
Region | The region associated with your instance of Microsoft Defender | Public |
Client Secret* | The value of the app secret (aka client secret) used to authenticate with the source. | *********************** |
- Add an Integration: Select the integration(s) you'd like to add. See links for details on additional configuration required.
- Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
| Field | Description | Example |
|---|---|---|
| 'Name (optional)' | Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization. | 'DMZ network' |
| 'Contact Person (optional)' | A placeholder to input a name or email address of a contact associated with the integration. | 'Jane Doe' |
| 'Link to Console (optional)' | A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration. | 'www.product.com/devices' |
- Activate Config: Select "Activate" to enable this configuration and begin pulling data.
Source Documentation
Creating credentials
You'll be asked to provide a app secret (aka client secret) that Sevco will use to connect to Microsoft Defender. This will require the creation of an app in Azure in order to provide API-based access. Click here for instructions on creating an account.
NOTE: Ensure to input the App Secret Value, not the ID when configuring the plugin.
Required Permissions
Please refer to our integrations docs for information on what permissions are required for each integration.
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, epp-edr
Updated about 2 months ago