Skip to content

Commit fbb6b87

Browse files
committed
chore: README v4
1 parent 3f8757c commit fbb6b87

1 file changed

Lines changed: 15 additions & 13 deletions

File tree

plugins/MicrosoftDefender/v1/docs/README.md

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,23 +1,25 @@
11
# Configuring the data source
22

3-
1. Display name:
3+
**Display name:**
4+
45
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.
56

6-
2. Authentication:
7+
**Authentication:**
8+
79
M365 client credentials are required to configure this plugin. Follow the steps in [Configuring App Registration for the Microsoft 365 Plugin](https://docs.squaredup.com/data-sources/microsoft-365-plugin/configuring-app-registration-for-the-microsoft-365-plugin). Ensure to add the following permissions below to configure your app for Defender:
810

9-
- **SecurityAlert.Read.All**
10-
- **SecurityIncident.Read.All**
11-
- **ThreatHunting.Read.All**
12-
- **SecurityEvents.Read.All**
11+
- _SecurityAlert.Read.All_
12+
- _SecurityIncident.Read.All_
13+
- _ThreatHunting.Read.All_
14+
- _SecurityEvents.Read.All_
1315

1416
Once this is completed, fill in the details below:
1517

1618
- _Directory (Tenant) ID_
1719
- _Application (Client) ID_
1820
- _Client Secret_
1921

20-
3. Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect using the provided authentication details.
22+
Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect using the provided authentication details.
2123

2224
# Testing and troubleshooting
2325

@@ -49,15 +51,15 @@ The following objects are imported:
4951
## Data streams
5052
The following data streams are installed with this plugin:
5153

52-
- **Advanced Hunting Query** — Queries a specified set of data supported by Defender to proactively look for specific threats in your environment. **Parameters:**
53-
- **Query**: the KQL query to run.
54+
- **Advanced Hunting Query** — Queries a specified set of data supported by Defender to proactively look for specific threats in your environment. *Parameters:*
55+
- *Query*: the KQL query to run.
5456
- **Secure Score History** — Retrieves the current tenant's Secure Score data from the past 90 days.
5557
- **Recommendations** — Returns recommendations data for the specified device.
5658
- **Vulnerabilities** — Returns vulnerabilities data for the specified device.
5759
- **Devices** — Returns detailed attributes and properties for the specified device.
58-
- **Alerts** — Returns a list of alert resources created to track suspicious activities in an organization. **Parameters:**
59-
- Filters available: **Severity, Status**
60-
- **Incidents** — Returns a list of incident objects that Microsoft 365 Defender created to track attacks in an organization. **Parameters:**
61-
- Filters available: **Severity, Status**
60+
- **Alerts** — Returns a list of alert resources created to track suspicious activities in an organization. *Parameters:*
61+
- Filters available: *Severity, Status*
62+
- **Incidents** — Returns a list of incident objects that Microsoft 365 Defender created to track attacks in an organization. *Parameters:*
63+
- Filters available: *Severity, Status*
6264

6365

0 commit comments

Comments
 (0)