I have been curious about how I can make use of the security data that we are making available as part of the new Microsoft Graph Security API. The Graph Security API, which is in public preview, provides a standard interface to allow consumption of alerts from Microsoft products such as Azure Information Protection, Azure Security Center and more.
See more info about the Graph Security API here: https://cloudblogs.microsoft.com/microsoftsecure/2018/04/17/connect-to-the-intelligent-security-graph-using-a-new-api/
The first step is to access the data in the Graph Security API. A quick and easy approach that doesn’t require you to write code is to use Microsoft Flow. Microsoft Flow is a workflow management tool for automating workflows across apps and services (similar to IFTTT). You can access Flow here: https://flow.microsoft.com
The goal of this guide is to show how you can read alerts from the Graph Security API and then do something with the data using Flow, in this case posting the alerts to a SharePoint list and a Power BI dataset. Once you have the data, however, you can use any of the actions available in Flow.
In a future post I’m planning to show direct integration with Power BI, including some examples of how you can combine data across our services using a Power BI dashboard.
If you follow the examples in the guide, you will end up with a SharePoint list and a Power BI dataset populated with alert data from the Graph Security API, as shown below.
Download the full guide with step-by-step instructions here: https://1drv.ms/b/s!Av9Sy32Te1vUhr4_bsO-6HmMQsW9cQ