elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[M365 Defender] - Add a new data stream to support vulnerability logs #7482

Open ShourieG opened 1 year ago

ShourieG commented 1 year ago

We require a new data stream in the M365 Defender integration that is capable of pulling vulnerability logs, using either the standard vulnerability API documented here or the latest Graph APIs documented here. The Graph APIs have limitations at the moment, as they are not capable of fetching a paginated vulnerability list similar to the older standard REST APIs. The approach needs to be decided.

This feature enhancement is tied to a recent customer request & support ticket linked here.

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

nicpenning commented 5 months ago

This is an integration I would like to see. Bumping for awareness.

https://learn.microsoft.com/en-us/defender-endpoint/api/get-all-vulnerabilities

https://learn.microsoft.com/en-us/defender-endpoint/api/get-all-vulnerabilities-by-machines

davidson01 commented 5 months ago

+1.

nicpenning commented 1 month ago

Pinging again here for awareness and the need for this integration.