Microsoft Defender for Endpoint Integration

Before You Begin

  • Ensure you have an active Microsoft Defender for Endpoint account.
  • Have your Microsoft Defender for Endpoint login credentials available.
  • Make sure you can access the Microsoft Defender for Endpoint API documentation.

Steps to Generate API Key and Configure Log Forwarding

Create a Microsoft Entra Application

Log in to Microsoft Azure Portal:

  • Go to the Azure Portal and sign in with your administrator credentials.

Register an Application:

  1. Navigate to Azure Active Directory > App registrations > New registration.
  2. Enter a name for the application, select the appropriate supported account types, and click Register.

Configure API Permissions:

  1. In the app registration, go to API permissions > Add a permission.
  2. Select APIs my organization uses and search for Microsoft Defender for Endpoint.
  3. Select the permissions your application needs, such as Read Alerts or Isolate Machines, and click Add permissions.

Generate Client Secret:

  1. Go to Certificates & secrets > New client secret.
  2. Enter a description and set an expiration period, then click Add.
  3. Copy the generated client secret value and store it securely.
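Before handing the credentials over, it is worth confirming that a token issued to the new application carries only the permissions you meant to grant. The following is an added example, not part of the original guide or of SecurIST's tooling: it decodes an access token's claims and reports excess or missing application roles. The role names Alert.Read.All and Machine.Isolate (taken here as the API names behind "Read Alerts" and "Isolate Machines"), the audience URI, and the read-only allowlist are assumptions, and the sample token is constructed so the check runs offline.

```python
import base64
import json
import time

# Assumption: the SIEM integration only reads alerts, so this is the only
# application role the token should carry. Adjust to what you granted.
ALLOWED_ROLES = {"Alert.Read.All"}
# Assumption: the Defender for Endpoint API resource URI is the audience.
EXPECTED_AUDIENCE = "https://api.securitycenter.microsoft.com"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token):
    """Return the JWT payload. No signature check: for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token(token, now=None):
    """Return findings; an empty list means the token matches the intent."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    findings = []
    if claims.get("aud") != EXPECTED_AUDIENCE:
        findings.append(f"unexpected audience: {claims.get('aud')}")
    roles = set(claims.get("roles", []))
    findings += [f"excess permission: {r}" for r in sorted(roles - ALLOWED_ROLES)]
    findings += [f"missing permission: {r}" for r in sorted(ALLOWED_ROLES - roles)]
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    return findings


def make_sample_token(roles, exp):
    """Build a constructed, unsigned token so the audit runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = {"aud": EXPECTED_AUDIENCE, "roles": roles, "exp": exp}
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


if __name__ == "__main__":
    wide = make_sample_token(["Alert.Read.All", "Machine.Isolate"], 2000)
    print(audit_token(wide, now=1000))
```

An "excess permission" finding for a response action such as machine isolation means the shared secret can do more than read logs; remove that permission from the app registration before sharing the credentials.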

Providing Information to Configure SecurIST

After generating the API key, please provide the following information to us to complete the configuration on our side:

  • API Key: The API key you generated.
  • Client Secret: The client secret value you generated.

Log Source Details:

  • Type of log data (e.g., security events, user activities).
  • Any specific identifiers or tags you use.

Log Data Format:

  • Format of the logs being sent (e.g., JSON).

Log Source IP Address:

  • The IP address from which the logs will be sent.

Please send the above details to our support team via an "Onboard Log source" request in your SecurIST platform.

Getting Help

If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:

  • Support Portal: Submit a ticket via our support portal for detailed assistance.
  • Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.

By providing these details, you enable us to configure SecurIST to accept and process Microsoft Defender for Endpoint logs for your SIEM service.