Microsoft offers logs, events, and alerts for a variety of its services, and most of these services support the identity and access management (IAM) that Azure offers in Azure AD. This allows CYDERES to leverage a single Azure App for most integrations with Microsoft-related APIs (although using a single app is not a requirement).
Create Azure App
- Navigate to https://portal.azure.com
- On the sidebar, select Azure Active Directory.
- In the new blade, select App Registrations.
- Select New application registration.
- Name the new application 'CYDERES' and leave the Sign-on URL blank, as it is not needed.
- Navigate back to the main application blade and select Certificates & secrets.
- Under the Client secrets header, select New client secret. Name the secret "CYDERES" and set the expiration to "Never". Click Add to finish the configuration.
Gather Information for CYDERES
- Application ID - The ID of the app that was created
- Tenant ID - Can be most easily found in Azure Active Directory -> Properties -> Directory ID
- Client secret
- Inform us of which custom integrations you would like
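A pre-flight check for the three values gathered above, as an added example that is not part of the original page or CYDERES tooling: it validates their format and builds the OAuth 2.0 client-credentials token request that an integration would send to Azure AD. The function names are hypothetical, and the Microsoft Graph scope is an assumption; other integrations may request a different resource.

```python
import re
import urllib.error
import urllib.parse
import urllib.request

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: Microsoft Graph is the API being tested.
SCOPE = "https://graph.microsoft.com/.default"


def check_values(tenant_id, application_id, client_secret):
    """Return a list of problems with the gathered values (empty if none)."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not GUID.fullmatch(application_id):
        problems.append("Application ID is not a GUID")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client secret is empty or has surrounding whitespace")
    elif GUID.fullmatch(client_secret):
        # The current portal shows a GUID-shaped secret ID beside the value.
        problems.append("Client secret looks like the secret ID, not the value")
    return problems


def build_token_request(tenant_id, application_id, client_secret, scope=SCOPE):
    """Build (without sending) the client-credentials token request."""
    problems = check_values(tenant_id, application_id, client_secret)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": application_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")


def credentials_work(tenant_id, application_id, client_secret):
    """Send the request; True if Azure AD issues a token, False if rejected."""
    req = build_token_request(tenant_id, application_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # e.g. a wrong secret or an unknown application
```

`credentials_work` is the only function that touches the network, and none of the functions print or log the secret.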
Integrations that leverage Azure App
- Office 365
- Azure AD
- Azure Security Center Alerts
- Azure Sentinel Alerts
- Azure Advanced Threat Protection Alerts
- Microsoft Cloud App Security Alerts
- Microsoft Defender ATP
- Azure AD Identity Protection Alerts
- Azure Risk Detections
- Microsoft Threat Indicators