The Microsoft Security Graph Hackathon was the motivation to move forward with the project.
What it does
Coordinat-IR is a Case Management Application for Intelligence-Driven Incident Response.
The application enables the IR team to build intelligence from new indicators found in their environment, feeding threat hunting teams so they can detect threat actors earlier in the attack cycle. This all starts with the initial alert.
The application provides collaboration, coordination, and indicator development in a controlled environment so the IR team can act strategically.
How I built it
The application is built on Dynamics 365 and the Power Platform (PowerApps, CDS), with Azure Functions providing the integration with the Microsoft Security Graph.
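The following is an added example, not Coordinat-IR's own code, of the indicator development described above as it would run in the Azure Functions layer: it takes one Microsoft Graph Security alert (the "initial alert"), separates external indicators worth hunting on from the organisation's own affected hosts and users, and builds the case record plus the PATCH body that hands the alert back to Graph as assigned. It assumes the v1.0 microsoft.graph.alert JSON shape (fileStates, hostStates, networkConnections, userStates, vendorInformation) and that a v1.0 alert PATCH must carry vendorInformation; the sample alert is constructed, and the case layout, severity-to-priority mapping and internal-range filter are choices made for this example.

```python
"""Derive case indicators from a Microsoft Graph Security alert.

Added example, not Coordinat-IR's code. Assumes the v1.0
microsoft.graph.alert JSON shape; SAMPLE_ALERT below is constructed
so the module runs offline.
"""
import ipaddress
import json

# Constructed sample alert in the Graph Security API v1.0 shape.
SAMPLE_ALERT = {
    "id": "alert-0001",
    "title": "Suspicious PowerShell download",
    "severity": "high",
    "status": "newAlert",
    "createdDateTime": "2019-03-01T10:15:00Z",
    "vendorInformation": {"provider": "Microsoft Defender ATP", "vendor": "Microsoft"},
    "fileStates": [{
        "name": "update.ps1",
        "path": "C:\\Users\\Public\\update.ps1",
        # SHA-256 of the empty string, used here only as a well-known constant.
        "fileHash": {"hashType": "sha256",
                     "hashValue": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
    }],
    "hostStates": [{"fqdn": "ws01.corp.example", "netBiosName": "WS01",
                    "privateIpAddress": "10.0.0.5", "publicIpAddress": "198.51.100.7"}],
    "networkConnections": [{
        "sourceAddress": "10.0.0.5", "sourcePort": "51234",
        "destinationAddress": "203.0.113.10", "destinationPort": "443",
        "destinationDomain": "cdn.example", "destinationUrl": "https://cdn.example/update.ps1",
    }],
    "userStates": [{"accountName": "jdoe", "domainName": "CORP",
                    "userPrincipalName": "jdoe@corp.example", "logonIp": "10.0.0.5"}],
}

# Internal ranges (RFC 1918, loopback, link-local, ULA): hunting on these
# would only rediscover our own hosts, so they become affected assets instead.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128")]


def is_internal(addr):
    """True for addresses inside INTERNAL_NETS; unparseable strings are not internal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def extract_indicators(alert):
    """Return sorted, de-duplicated (kind, value) pairs worth hunting on."""
    found = set()
    for fs in alert.get("fileStates") or []:
        fh = fs.get("fileHash") or {}
        if fh.get("hashType") and fh.get("hashValue"):
            found.add((fh["hashType"].lower(), fh["hashValue"].lower()))  # normalise case
        if fs.get("name"):
            found.add(("filename", fs["name"]))
    for nc in alert.get("networkConnections") or []:
        dst = nc.get("destinationAddress")
        if dst and not is_internal(dst):
            found.add(("ip", dst))
        for key, kind in (("destinationDomain", "domain"), ("destinationUrl", "url")):
            if nc.get(key):
                found.add((kind, nc[key]))
    return sorted(found)


# Example mapping of Graph alert severity onto a case priority (1 = most urgent).
SEVERITY_PRIORITY = {"high": 1, "medium": 2, "low": 3, "informational": 4}


def build_case(alert):
    """Build the case record the IR team works from: context, assets, indicators."""
    hosts = {h.get("fqdn") or h.get("netBiosName") for h in alert.get("hostStates") or []}
    users = {u.get("userPrincipalName") or u.get("accountName") for u in alert.get("userStates") or []}
    return {
        "title": alert.get("title", ""),
        "source_alert_id": alert["id"],
        "provider": (alert.get("vendorInformation") or {}).get("provider"),
        "priority": SEVERITY_PRIORITY.get(str(alert.get("severity", "")).lower(), 4),
        "opened": alert.get("createdDateTime"),
        "affected_hosts": sorted(h for h in hosts if h),
        "affected_users": sorted(u for u in users if u),
        "indicators": extract_indicators(alert),
    }


def status_update_body(alert, assigned_to, comment):
    """Body for PATCH /security/alerts/{id} marking the alert as worked.

    Assumption: Graph Security v1.0 requires vendorInformation on PATCH,
    so it is echoed back from the alert being updated.
    """
    return {
        "assignedTo": assigned_to,
        "status": "inProgress",
        "comments": [comment],
        "vendorInformation": alert["vendorInformation"],
    }


if __name__ == "__main__":
    print(json.dumps(build_case(SAMPLE_ALERT), indent=2))
    print(json.dumps(status_update_body(SAMPLE_ALERT, "analyst@corp.example", "Case opened"), indent=2))
```

The internal-range filter is deliberately explicit rather than relying on ipaddress's is_private, which also flags documentation and benchmark ranges such as 203.0.113.0/24 and would silently drop a real external destination that happened to fall there.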
Challenges I ran into
To build CDS Plugin extensions, I took a different approach than the samples in the SDK. I have posted a skeleton console application with the security graph entities for others to use. The repo: https://github.com/frankgrimberg/Security-Graph-Entity-Structures