Microsoft Graph is a Microsoft developer platform that enables integration with multiple services in the Microsoft cloud. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. The Microsoft Graph API is a RESTful web API that enables you to access Microsoft Cloud service resources.
In RSA NetWitness 11.5 and higher, we integrated the Microsoft Graph API through the Plugin collection type. This integration helps our customers collect various event types or alerts from Microsoft cloud services through the Microsoft Graph API.
The event types currently supported by the RSA NetWitness msazuregraph plugin are listed below. The latest azure log parser needs to be enabled on the NetWitness Log Decoder to parse these events. Please refer to the official RSA documentation for more information on configuration.
Microsoft Event types Supported via NetWitness msazuregraph Plugin
Directory Audit Logs
Risk Detection Logs
In addition to the above event types, customers can collect any other event types that are supported through the Microsoft Graph API and route them to a custom parser created in NetWitness, or get in touch with RSA NetWitness customer support to add official support for fine parsing.