
Empowering Sophos MTR with Microsoft Graph Security Integration
Discover how the integration of Microsoft Graph Security enhances Sophos Managed Threat Response (MTR) capabilities, enabling advanced alert notifications, exploration of security details, and community collaboration. Learn about the core features, licensing requirements, alert sources, and community resources available for Sophos MTR users. Join the Early Access Program (EAP) to experience the latest in security detection and investigation tools for a more robust cybersecurity environment.
Presentation Transcript
Sophos Confidential XDR/MTR Microsoft Graph Security
Topics to cover in 30min Sophskills
Questions
  o Email us at mtreap2@sophos.com
Release
  o EAP Start of June
  o GA Start of July
License
  o Included with MTR Advanced
Value
  o Alert notification for MTR security team and customer
  o Context and exploration of details with Queries
Demo
  o MTR Community Forum
  o Enable/configure
  o Alert overview/queries
Microsoft Graph Security For MTR Accounts
Sophos license
  o MTR Advanced license required for use by Sophos MTR
  o XDR EAP will be available in CQ3 to enable the display of MS Graph Security Detections and investigations in the Sophos Central console
Central Adaptor configuration
  o Requires authorization for access to MS Graph Security events
MS Graph Security events are sent to the Sophos data lake
  o Each event will be evaluated by Sophos to assign an appropriate risk score for the event and generate detection and case information for the Sophos MTR team
Alert sources
Alerts are potential security issues within a customer's environment that Microsoft or partner security solutions have identified and flagged for action or notification.
Security providers (GET alert)
  o Microsoft Defender for Cloud
  o Azure Active Directory Identity Protection
  o Microsoft Defender for Cloud Apps
  o Microsoft Defender for Endpoint
  o Microsoft Defender for Identity
  o Microsoft 365: Default, Cloud App Security, Custom Alert
  o Azure Information Protection (preview)
  o Azure Sentinel (preview)
Sophos Central
Security alerts are triggered by advanced detections and are available only with enhanced security features enabled.
SEE ALSO: https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference
Sophos Community
MTR Connector EAP - Community
  o https://community.sophos.com/mdr-community-channel/mtr-connector-eap/
Video - Setup and Testing
  o https://community.sophos.com/cfs-file/__key/telligent-evolution-videotranscoding-securefilestorage/communityserver-blogs-components-weblogfiles-00-00-00-00-90/MS-Graph-V2.mp4.mp4
Announcements
Discussion
Queries
Enable the Connector
An invitation key is required to join the EAP
  o MTR Advanced accounts are qualified
  o Email mtreap2@sophos.com to request access to the EAP
Enable the connector from Sophos Central
Visit the Sophos MTR community forum for more information and sample queries
  o https://community.sophos.com/mdr-community-channel/mtr-connector-eap/i/queries
DEMO