Can I ask what the difference is between the two Microsoft Graph Security connectors? One is just plain Microsoft Graph Security Connector and the other is Microsoft Graph Office 365 Security and Compliance Connector.
The first seems to include information that comes in from the second.
Microsoft Graph Office 365 Security and Compliance Connector was added last year in May with v11 of the Integration. But there's no explanation as to why or what it does differently. Or if I need one or both of them.
Thank you, so both are not needed. One or the other depending on if you need the Security & Compliance alerts or not
Exactly.
Just to sum up in short:
Microsoft Graph Security Connector: will ingest all alert types excluding Security & Compliance, and fast
Microsoft Graph Office 365 Security and Compliance Connector: will ingest all existing alert types
Hello @Ben_Montour
The newer connector, Microsoft Graph Office 365 Security and Compliance Connector, was added in order to support another type of alerts, called Security and Compliance alerts.
In our Microsoft Graph Security Connector, when we applied API filters, those alerts were not showing up for some reason.
Thus, we have added the second one.
This connector - Microsoft Graph Office 365 Security and Compliance Connector - will fetch all alert types from Microsoft Graph Security, so if that's your use case - you should use it.
We would add one thing - the Microsoft Graph Security Connector is going to be faster and more resource efficient, so if "Security and Compliance" alerts are not needed in your case - we would recommend using this connector.
We are aware of the fact that this is not currently in our documentation site, and we will add it as soon as we can.
Thank you for your question!