Microsoft offers logs, events, and alerts for a variety of services. A majority of these products support the identity and access management that Azure offers in Azure AD, which allows CYDERES to leverage a single Azure App.
Create Azure App
- Navigate to https://portal.azure.com
- On the sidebar, select Azure Active Directory.
- In the new blade, select App Registrations.
- Select New application registration.
- Name the new application 'CYDERES' and leave the Sign-on URL blank, as it is not needed.
- Navigate back to the main application blade and select Certificates & secrets.
- Under the Client secrets header, select New client secret. Name the secret "CYDERES" and set the expiration to "Never". Click Add to finish the configuration.
Gather Information for CYDERES
- Application ID - The ID of the app that was created
- Tenant ID - Can be most easily found in Azure Active Directory -> Properties -> Directory ID
- Client secret
- Inform us of which custom integrations you would like
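Before sending these values, you can confirm that they work together. The Python code below is an added example, not CYDERES or Microsoft code: it builds the OAuth 2.0 client-credentials request for the tenant's token endpoint and checks the tid, appid and roles claims of the token that comes back. The Microsoft Graph scope is an assumption about what the integration reads, and the GUIDs and token in the demo are constructed values.

```python
import base64, json, urllib.parse, urllib.request, uuid

GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # assumption: integration reads Microsoft Graph

def build_token_request(tenant_id, app_id, client_secret, scope=GRAPH_SCOPE):
    """Return (url, form_body) for a client-credentials token request."""
    for value in (tenant_id, app_id):
        uuid.UUID(value)  # raises ValueError when an ID is not a GUID (e.g. a pasted name)
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": app_id,
                                   "client_secret": client_secret, "scope": scope}).encode()
    return url, body

def fetch_token(tenant_id, app_id, client_secret):
    """Live call to the token endpoint; pass the secret from an environment variable."""
    url, body = build_token_request(tenant_id, app_id, client_secret)
    with urllib.request.urlopen(url, data=body, timeout=15) as resp:
        return json.load(resp)["access_token"]

def decode_claims(token):
    """Read the JWT payload for diagnostics only (the signature is not verified)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, tenant_id, app_id):
    """Return a list of problems; an empty list means the three values agree."""
    problems = []
    if claims.get("tid", "").lower() != tenant_id.lower():
        problems.append("token was issued for a different tenant")
    if (claims.get("appid") or claims.get("azp") or "").lower() != app_id.lower():
        problems.append("token was issued to a different application")
    if not claims.get("roles"):
        problems.append("no application permissions (roles) in the token")
    return problems

def make_sample_token(claims):
    """Constructed, unsigned stand-in for an access token (demo input only)."""
    seg = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg(claims)}.sig"

if __name__ == "__main__":
    tenant = "11111111-1111-1111-1111-111111111111"  # constructed Tenant ID
    app = "22222222-2222-2222-2222-222222222222"     # constructed Application ID
    # For a live check, replace the sample with: token = fetch_token(tenant, app, secret)
    token = make_sample_token({"tid": tenant, "appid": app})
    print(check_claims(decode_claims(token), tenant, app))
```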
Configuration for Additional Microsoft Services
Once the steps above are complete, navigate to the integration guide for each of the following services you have chosen to integrate:
- Azure AD
- Azure AD Identity Protection Alerts
- Azure Advanced Threat Protection Alerts
- Azure Risk Detections
- Azure Sentinel Alerts
- Azure Security Center Alerts
- Microsoft Cloud App Security
- Microsoft Cloud App Security Alerts
- Microsoft Defender ATP Alerts
- Microsoft Security Actions
- Microsoft Threat Indicators
- Office 365