HomeMITRECVE JournalCarbonpediaDocsReleases
Microsoft 365 Defender

Microsoft 365 Defender

This guide explains how to integrate Microsoft 365 Defender (Microsoft Defender XDR) with RedCarbon.

Overview

The Microsoft 365 Defender integration allows RedCarbon to ingest incidents and alerts from the unified Microsoft XDR platform, including Defender for Endpoint, Identity, and Office 365.

Configuration

To configure the integration, you need to register an application in Azure Active Directory (Entra ID) and grant it permissions to access Microsoft 365 Defender APIs.

Step 1: Register an Application

  1. Log in to the Azure Portal with an account that has the Global Administrator role.
  2. Navigate to Azure Active Directory > App registrations > New registration.
  3. Enter a name (e.g., RedCarbon-Defender).
  4. Click Register.

App Registration

Step 2: Grant API Permissions

  1. On the application page, select API Permissions.
  2. Click Add permissions and add permissions accordingly to the following information.
  3. Check the table API/Permissions name.
  4. Check that the following permissions in Microsoft Graph are enabled:
  • SecurityAlert.Read.All
  • SecurityEvents.Read.All
  • SecurityIncident.Read.All
  • ThreatHunting.Read.All
  1. Check that the following permissions in Microsoft Threat Protection are enabled:
  • Incident.ReadWrite.All
  1. Important: Click Grant admin consent for [Organization Name] to activate the permissions.

Grant Permissions Grant Consent

Step 3: Create a Client Secret

  1. Navigate to Certificates & secrets.
  2. Click New client secret.
  3. Add a description and expiration period.
  4. Click Add.
  5. Copy the Secret Value immediately.

Step 4: Gather Required IDs

From the Overview page of your application, copy:

  • Application (Client) ID
  • Directory (Tenant) ID

Overview

Step 5: Configure RedCarbon

  1. Log in to the RedCarbon Dashboard.
  2. Navigate to the customer's Integrations page.
  3. Select Microsoft 365 Defender.
  4. Paste the Tenant ID, Client ID, and Client Secret.
  5. Click Save and then Test.

Configure RedCarbon

Severity Mapping

Original SeverityRedCarbon Score
Informational0
Low10
Medium40
High70
Critical90