|
1 | 1 | # Configuring the data source |
2 | 2 |
|
3 | | -1. Display name: |
| 3 | +**Display name:** |
| 4 | + |
4 | 5 | Enter a name for your data source. This helps you to identify this data source in the list of your data sources. |
5 | 6 |
|
6 | | -2. Authentication: |
| 7 | +**Authentication:** |
| 8 | + |
7 | 9 | M365 client credentials are required to configure this plugin. Follow the steps in [Configuring App Registration for the Microsoft 365 Plugin](https://docs.squaredup.com/data-sources/microsoft-365-plugin/configuring-app-registration-for-the-microsoft-365-plugin). Ensure to add the following permissions below to configure your app for Defender: |
8 | 10 |
|
9 | | -- **SecurityAlert.Read.All** |
10 | | -- **SecurityIncident.Read.All** |
11 | | -- **ThreatHunting.Read.All** |
12 | | -- **SecurityEvents.Read.All** |
| 11 | +- _SecurityAlert.Read.All_ |
| 12 | +- _SecurityIncident.Read.All_ |
| 13 | +- _ThreatHunting.Read.All_ |
| 14 | +- _SecurityEvents.Read.All_ |
13 | 15 |
|
14 | 16 | Once this is completed, fill in the details below: |
15 | 17 |
|
16 | 18 | - _Directory (Tenant) ID_ |
17 | 19 | - _Application (Client) ID_ |
18 | 20 | - _Client Secret_ |
19 | 21 |
|
20 | | -3. Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect using the provided authentication details. |
| 22 | +Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect using the provided authentication details. |
21 | 23 |
|
22 | 24 | # Testing and troubleshooting |
23 | 25 |
|
@@ -49,15 +51,15 @@ The following objects are imported: |
49 | 51 | ## Data streams |
50 | 52 | The following data streams are installed with this plugin: |
51 | 53 |
|
52 | | -- **Advanced Hunting Query** — Queries a specified set of data supported by Defender to proactively look for specific threats in your environment. **Parameters:** |
53 | | - - **Query**: the KQL query to run. |
| 54 | +- **Advanced Hunting Query** — Queries a specified set of data supported by Defender to proactively look for specific threats in your environment. *Parameters:* |
| 55 | + - *Query*: the KQL query to run. |
54 | 56 | - **Secure Score History** — Retrieves the current tenant's Secure Score data from the past 90 days. |
55 | 57 | - **Recommendations** — Returns recommendations data for the specified device. |
56 | 58 | - **Vulnerabilities** — Returns vulnerabilities data for the specified device. |
57 | 59 | - **Devices** — Returns detailed attributes and properties for the specified device. |
58 | | -- **Alerts** — Returns a list of alert resources created to track suspicious activities in an organization. **Parameters:** |
59 | | - - Filters available: **Severity, Status** |
60 | | -- **Incidents** — Returns a list of incident objects that Microsoft 365 Defender created to track attacks in an organization. **Parameters:** |
61 | | - - Filters available: **Severity, Status** |
| 60 | +- **Alerts** — Returns a list of alert resources created to track suspicious activities in an organization. *Parameters:* |
| 61 | + - Filters available: *Severity, Status* |
| 62 | +- **Incidents** — Returns a list of incident objects that Microsoft 365 Defender created to track attacks in an organization. *Parameters:* |
| 63 | + - Filters available: *Severity, Status* |
62 | 64 |
|
63 | 65 |
|
0 commit comments