Microsoft-Defender-Alert-API-Integration

Microsoft Defender Alert API Integration

All alerts will be pulled based on the time framed specified in config.yaml and written into a file, one alert per line for easy parsing in SIEM.

Integrating Micrsofot Defender with SIEM

Compile the code using go build command
Fill tenantid, appid, and appsecret (api token)
Create scheduled tasks to run every 1 hour
Send the alert to the SIEM using FileBeat agent

Configuration file

filepath        : C:\logs\
tenantId        : 
appId           : 
appSecret       : 
resourceAppIdUri: https://api.securitycenter.windows.com
timerange       : -1h

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md
config.yaml		config.yaml
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

config.yaml

config.yaml

go.mod

go.mod

go.sum

go.sum

main.go

main.go

Repository files navigation

Microsoft-Defender-Alert-API-Integration

Integrating Micrsofot Defender with SIEM

About

Releases

Packages

Languages

alwashali/Microsoft-Defender-Alert-API-Integration

Folders and files

Latest commit

History

Repository files navigation

Microsoft-Defender-Alert-API-Integration

Integrating Micrsofot Defender with SIEM

About

Resources

Stars

Watchers

Forks

Languages