Solved

Microsoft Defender XDR integration

  • September 12, 2024
  • 6 replies
  • 118 views

VictorSOAR

Hi Guys,

Is there an integration for Microsoft Defender XDR available in the SOAR Marketplace?

Best answer by gsec


6 replies

Ben_T
Staff
  • Staff
  • September 12, 2024

VictorSOAR
  • Author
  • Bronze 1
  • September 12, 2024

Thanks @Ben_T for your response,

Yes, I noticed these integrations are available in the marketplace. However, I was specifically looking for an integration tailored to Microsoft Defender XDR. I couldn’t find one for XDR, so I was wondering if any of the available Defender integrations also cover XDR?


Ben_T
Staff
  • Staff
  • September 12, 2024

I'm not a Microsoft expert, but my understanding is that Microsoft XDR is a broader security platform that extends visibility and context across attack surfaces/products like Microsoft Defender for Endpoint (ATP) and Microsoft Defender for Office 365.

Think of it this way:

  • MDE is like a security guard protecting a single building (your endpoints).
  • Microsoft XDR is like a network of security cameras and sensors monitoring the entire city (endpoints, email, etc.), with MDE being one of the cameras focused on a crucial area.

gsec
  • Bronze 3
  • Answer
  • September 12, 2024

Hey,

You can use ATP and 365 for this, or, if you also have Azure Sentinel active, you could transfer all alerts to Sentinel and then to SOAR; that works with analytic rules from Sentinel and the default rules from Defender ATP / Defender for Endpoint.

Then you just need a playbook that handles the different detection sources or the incident from Azure Sentinel.

Regards,
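Added example (not code from the thread or from any vendor) of the "playbook that handles the different detection sources" gsec describes: it takes a Sentinel incident, groups its alerts by detection source (Defender for Endpoint, Defender for Office 365, Sentinel analytic rules) and picks a triage branch per source. The incident JSON shape, the ProviderName values and the branch names are assumptions for illustration; the sample incident is constructed.

```python
import json

# Constructed sample: one Sentinel incident carrying alerts from Defender for
# Endpoint, Defender for Office 365 and a Sentinel analytic rule. The JSON shape
# and the ProviderName values are modelled on SecurityAlert table columns but are
# assumptions for this example, not a verbatim Sentinel payload.
SAMPLE_INCIDENT = json.dumps({
    "IncidentNumber": 1001,
    "Title": "Multi-stage incident involving initial access and execution",
    "Alerts": [
        {"ProviderName": "MDATP", "AlertName": "Suspicious PowerShell command line",
         "AlertSeverity": "High", "CompromisedEntity": "WS-0042"},
        {"ProviderName": "OATP", "AlertName": "Malicious URL removed after delivery",
         "AlertSeverity": "Medium", "CompromisedEntity": "user@example.com"},
        {"ProviderName": "ASI Scheduled Alerts", "AlertName": "Rare RDP logon",
         "AlertSeverity": "Low", "CompromisedEntity": "SRV-07"},
    ],
})

# Detection source -> playbook branch (hypothetical branch names).
# Unknown sources fall back to generic triage instead of being dropped.
ROUTES = {
    "MDATP": "endpoint_triage",                      # Defender for Endpoint (ATP)
    "OATP": "email_triage",                          # Defender for Office 365
    "ASI Scheduled Alerts": "analytic_rule_triage",  # Sentinel scheduled rule
}
DEFAULT_ROUTE = "generic_triage"
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def route_alert(alert: dict) -> str:
    """Pick the playbook branch for one alert from its detection source."""
    return ROUTES.get(alert.get("ProviderName"), DEFAULT_ROUTE)


def build_playbook_plan(incident_json: str) -> dict:
    """Group an incident's alerts by branch and derive the incident severity."""
    incident = json.loads(incident_json)
    branches: dict[str, list[dict]] = {}
    highest = "Informational"
    for alert in incident.get("Alerts", []):
        sev = alert.get("AlertSeverity", "Informational")
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK[highest]:
            highest = sev  # only known severities can raise the incident level
        branches.setdefault(route_alert(alert), []).append(
            {"name": alert.get("AlertName", "<unnamed>"), "severity": sev,
             "entity": alert.get("CompromisedEntity")})
    return {"incident": incident["IncidentNumber"], "severity": highest,
            "branches": branches}


if __name__ == "__main__":
    print(json.dumps(build_playbook_plan(SAMPLE_INCIDENT), indent=2))
```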


VictorSOAR
  • Author
  • Bronze 1
  • September 13, 2024

Thanks @Ben_T for more clarity.


VictorSOAR
  • Author
  • Bronze 1
  • September 13, 2024

Thanks @gsec. Will try the 365 integration for XDR.