Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Integrating Microsoft Defender with Dune Security

Access Defender alerts and events in Dune Security

This guide outlines the capabilities of the Microsoft Defender data ingestion processes for Dune Security to ingest security events into the platform and update user's risk scores.

Step 1: Access the Azure Portal

  1. Navigate to the Azure Portal:
    Go to Azure Portal.
  2. Go to Microsoft Entra ID:
    Under "Azure Services," click on Microsoft Entra ID or use the direct link:
    Entra ID Overview.

Step 2: Register a New Application

  1. App Registration:
    • In the Entra ID menu, click on App Registrations.
    • Click New Registration.
    • Enter the application name: Dune Security Defender Integration.
    • For Account Types, select: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi-Tenant).
    • Click Register.

Step 3: Add Required API Permissions

  1. Navigate to API Permissions:
    In the newly created app, click on API Permissions under the Manage section.
  2. Add Permissions:
    • Click Add Permission.
    • Select Microsoft Graph.
    • Under the Application Permissions tab, add the following permissions:

      • Alert.Read.All

      • ThreatIndicators.Read.All

      • ThreatIntelligence.Read.All

      • SecurityEvents.Read.All

      • SecurityIncident.Read.All

      • AttackSimulation.Read.All

    • Click Add Permissions to confirm.

Step 4: Grant Admin Consent

  1. Admin Consent:
    After adding the permissions, click Grant Admin Consent to apply the permissions to the app.

Step 5: Create a Client Secret

  1. Create a Client Secret:

    • In the Certificates & Secrets section under Manage, click on New Client Secret.
    • Provide a description (e.g., "Defender Secret").
    • Set the expiration period to 6 months.
    • Click Add to generate the secret.

  2. Save Secret and IDs:
    After generating the secret, securely copy and store the following details:

    • Secret Value (Note: You won’t be able to view this again, so save it securely).
    • Client ID.
    • Tenant (Directory) ID.

Step 6: Share Credentials with Dune Security

Share the following credentials securely with Dune Security:

  • Client Secret (Value).
  • Client ID.
  • Tenant (Directory) ID.

Note: These credentials will be securely handled to ensure the integrity and confidentiality of your data.

Step 7: Test the Setup

Once the credentials have been securely shared with Dune Security (via file exchange), your dedicated Customer Success Engineer will confirm if the API has been configured properly.