Supported Cortex XSOAR versions: 6.8.0 and later.
Microsoft 365 Defender event collector integration for Cortex XSIAM.
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Microsoft 365 Defender Event Collector.
3. Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
| --- | --- | --- |
| Endpoint URI | The United States: api-us.security.microsoft.com<br/>The United Kingdom: api-uk.security.microsoft.co | True |
| Client (Application) ID | The client (application) ID to use to connect. | True |
| Client Secret |  | True |
| Tenant ID |  | True |
| First fetch timestamp (<number> <time unit>, for example 12 hours, 7 days) |  | False |
| Fetch alerts timeout | The time limit in seconds for fetch alerts to run. Leave this empty to cancel the timeout limit. | False |
| Number of alerts for each fetch | Due to API limitations, the maximum is 10,000. | False |
| Fetch events |  | False |
| Verify SSL Certificate |  | False |
| Use system proxy settings |  | False |
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Returns a list of alerts.

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of alerts per fetch. Default is 10000. | Optional |
| first_fetch | The first fetch time (<number> <time unit>, for example 12 hours, 1 day, 3 months). Default is 3 days. | Optional |
There is no context output for this command.
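The instance parameters above and the command arguments (`first_fetch`, `limit`) share the same three conventions: a relative `<number> <time unit>` start time, an alert cap of 10,000 imposed by the API, and a timeout that is disabled when left empty. The following Python is an added example, not code from the Microsoft 365 Defender Event Collector content pack, showing how a fetch loop can normalise those raw values before calling the API. The function names, the 30-day approximation of a month and the constructed sample input are assumptions; the real integration may parse dates with a date library instead.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, Optional

# Added illustration (not the content pack's own code). Mirrors the three
# settings documented for this integration: the "<number> <time unit>"
# first-fetch value, the per-fetch alert cap and the optional fetch timeout.

MAX_ALERTS_PER_FETCH = 10_000  # API limit stated in the parameter table

# Seconds per unit. "month" is approximated as 30 days (an assumption made
# for this example; a calendar-aware library would subtract real months).
_UNIT_SECONDS = {
    "minute": 60,
    "hour": 3_600,
    "day": 86_400,
    "week": 7 * 86_400,
    "month": 30 * 86_400,
}

_RELATIVE_RE = re.compile(
    r"^\s*(\d+)\s+(minute|hour|day|week|month)s?\s*$", re.IGNORECASE
)


def relative_seconds(text: str) -> int:
    """Validate "12 hours" / "7 days" / "3 months" and return it in seconds."""
    match = _RELATIVE_RE.match(text or "")
    if not match:
        raise ValueError(f"expected '<number> <time unit>', got {text!r}")
    amount, unit = int(match.group(1)), match.group(2).lower()
    return amount * _UNIT_SECONDS[unit]


def parse_relative_time(text: str, now: Optional[datetime] = None) -> datetime:
    """Turn a relative first-fetch string into an absolute UTC start time."""
    now = now or datetime.now(timezone.utc)
    return now - timedelta(seconds=relative_seconds(text))


def clamp_limit(value: Any, default: int = MAX_ALERTS_PER_FETCH) -> int:
    """Apply the documented maximum; empty values fall back to the default."""
    if value in (None, ""):
        return default
    limit = int(value)
    if limit <= 0:
        raise ValueError("limit must be a positive integer")
    return min(limit, MAX_ALERTS_PER_FETCH)


def parse_timeout(value: Any) -> Optional[float]:
    """Empty timeout means no limit (None); otherwise seconds as a float."""
    if value in (None, ""):
        return None
    timeout = float(value)
    if timeout <= 0:
        raise ValueError("timeout must be positive")
    return timeout


def build_fetch_window(params: Dict[str, Any], now: Optional[datetime] = None) -> Dict[str, Any]:
    """Normalise raw instance/command parameters into what a fetch loop needs.

    The "3 days" fallback is the documented default of the first_fetch argument.
    """
    return {
        "since": parse_relative_time(params.get("first_fetch") or "3 days", now),
        "limit": clamp_limit(params.get("limit")),
        "timeout": parse_timeout(params.get("timeout")),
    }


if __name__ == "__main__":
    # Constructed sample: an instance configured with an over-sized limit,
    # the README's "12 hours" example and an empty (disabled) timeout.
    sample = {"first_fetch": "12 hours", "limit": "50000", "timeout": ""}
    print(build_fetch_window(sample))
```

Running the block prints a window whose `limit` has been reduced to 10000 and whose `timeout` is `None`; an unparseable `first_fetch` such as `"yesterday"` raises `ValueError` instead of silently fetching from an unintended start time.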