The inspiration came from connecting the Security Graph API, which spans all Microsoft security products, to an analytics platform, and building applied intelligence on top of it with as many SOC KPIs as possible, so that the events and alerts generated by the Microsoft platform are handled more efficiently.
What it does
Generates a dashboard view for any enterprise running the Microsoft platform of products alongside other third-party vendors. It uses the alert intelligence to correlate alerts and give a proper end-to-end view of users, hosts, profiles, threats and vulnerabilities.
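As an added illustration of the two ideas above (KPIs computed from Security Graph API alerts, and correlating alerts by user and host), the following Python is not the project's own code. The field names follow the Microsoft Graph Security API v1.0 alert resource; the alert values, user names and host names are constructed for the example.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample response shaped like GET /security/alerts (v1.0).
# Field names are the real schema; all values are made up for this example.
SAMPLE_ALERTS_JSON = json.dumps({"value": [
    {"id": "a1", "severity": "high", "status": "resolved", "category": "Malware",
     "vendorInformation": {"provider": "Windows Defender ATP"},
     "createdDateTime": "2020-03-01T10:00:00Z", "closedDateTime": "2020-03-01T12:30:00Z",
     "userStates": [{"userPrincipalName": "alice@contoso.example"}], "hostStates": [{"fqdn": "ws01.contoso.example"}]},
    {"id": "a2", "severity": "medium", "status": "newAlert", "category": "SuspiciousLogon",
     "vendorInformation": {"provider": "Azure AD Identity Protection"},
     "createdDateTime": "2020-03-01T11:00:00Z", "closedDateTime": None,
     "userStates": [{"userPrincipalName": "alice@contoso.example"}], "hostStates": []},
    {"id": "a3", "severity": "high", "status": "resolved", "category": "Malware",
     "vendorInformation": {"provider": "Windows Defender ATP"},
     "createdDateTime": "2020-03-02T09:00:00Z", "closedDateTime": "2020-03-02T09:30:00Z",
     "userStates": [], "hostStates": [{"fqdn": "ws01.contoso.example"}]},
]})

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def soc_kpis(alerts_json):
    """SOC KPIs from one alerts response: volume, backlog, severity/provider mix, time to close."""
    alerts = json.loads(alerts_json)["value"]
    closed = [a for a in alerts if a.get("closedDateTime")]  # open alerts have no closedDateTime
    hours = [(_ts(a["closedDateTime"]) - _ts(a["createdDateTime"])).total_seconds() / 3600 for a in closed]
    return {
        "total": len(alerts),
        "open": sum(1 for a in alerts if a["status"] in ("newAlert", "inProgress")),
        "by_severity": dict(Counter(a["severity"] for a in alerts)),
        "by_provider": dict(Counter(a["vendorInformation"]["provider"] for a in alerts)),
        "mean_hours_to_close": round(sum(hours) / len(hours), 2) if hours else None,
    }

def entity_view(alerts_json):
    """Correlate alerts by user and host so one entity's alerts from different providers line up."""
    alerts = json.loads(alerts_json)["value"]
    users, hosts = defaultdict(list), defaultdict(list)
    for a in alerts:
        for u in a.get("userStates", []):
            users[u["userPrincipalName"]].append(a["id"])
        for h in a.get("hostStates", []):
            hosts[h["fqdn"]].append(a["id"])
    return {"users": dict(users), "hosts": dict(hosts)}

if __name__ == "__main__":
    print(json.dumps(soc_kpis(SAMPLE_ALERTS_JSON), indent=2))
    print(json.dumps(entity_view(SAMPLE_ALERTS_JSON), indent=2))
```

In the sample, the same user appears in a Defender alert and an Identity Protection alert, which is the cross-provider correlation the dashboard is meant to surface.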
How I built it
Used an Azure tenant to connect to the analytics platform and generate the dashboard view.
Challenges I ran into
Integration with the analytics platform, as a lot of data translation happened.
Accomplishments that I'm proud of
The team was able to generate the final KPI outcomes from the alerts that came through in the Security Graph API JSON file.
What I learned
We learnt that, using the Security Graph API, we could not only connect internal alert intelligence but also connect with an external threat intelligence solution and provide an end-to-end risk review of threats, vulnerabilities, users, accounts, profiles and hosts.
What's next for Applied Intelligence through Security Graph API
We are looking next to build this into a SOC metrics utility and integrate it with a managed security services component.