elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

Filebeat Module - Microsoft Graph API Security (II) #36995

Open C4pt41nNRex opened 11 months ago

C4pt41nNRex commented 11 months ago

Metricbeat Module / Dataset release checklist

This checklist is intended for Devs who create or update a module to make sure modules are consistent.

Modules

For a metricset to go GA, the following criteria should be met:

Filebeat module

Metricbeat module

Hi Elastic team,

I'm interested in a module for Microsoft Graph API Security to fetch logs from there to Filebeat. In one word, reopening issue #26878 (Filebeat Module - Microsoft Graph API Security).

A lot of Microsoft insights are being fetched through Filebeat modules, though one important one is missing in my opinion: Microsoft Graph API Security https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0

Especially the alerts. There is already the Microsoft Module, which includes M365Defender, but the Graph API Security endpoint offers these alerts along with multiple others.

Thank you in advance.

Kind regards,

Rex

C4pt41nNRex commented 11 months ago

The team to be assigned should be Security-External Integrations

@elastic/security-external-integrations

jamiehynds commented 10 months ago

Hi @C4pt41nNRex - we have an Elastic Agent integration for Microsoft 365 Defender, which uses the Graph Security API to ingest incidents/alerts from M365 Defender. Could that be a suitable fit for you, or are there other Microsoft products you need to pull data in from, via the Graph Security API?

elasticmachine commented 8 months ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)