SOC uses AARNet’s LogScale security information and event management (SIEM) platform with the Microsoft Graph Security API, which enables incidents and alerts from Microsoft 365 Defender to be ingested into LogScale.
We recommend ingesting the following into AARNet’s SIEM:
- Incidents
- Alerts
To enable SOC to ingest incidents and alerts into AARNet LogScale, you’ll need to: