AlienVault® USM Anywhere™

Configuring the AlienApp for Microsoft Defender ATP

Role Availability Read-Only Analyst Manager

AlienApp for Microsoft Defender ATP Requirements

Before you configure the AlienApp for Microsoft Defender Advanced Threat Protection (ATP), you must have the following information from your Microsoft Azure account:

  • Defender Tenant ID
  • Application ID
  • Scope
  • Client Secret

Important: Because the AlienApp for Microsoft Defender ATP can only act on events received from Azure, you also need to configure log collection from Azure Event Hubs. See Collect Logs from Azure Event Hubs and follow the process documented on that page to set up Azure log collection.

Microsoft Defender ATP Configurations

To set up the AlienApp for Microsoft Defender ATP, you first need to create an Azure Active Directory (Azure AD) application and record your Tenant ID, Application ID, Scope, and Client Secret during that process.

See the Microsoft Defender ATP setup documentation for full details on the steps required to use the AlienApp for Microsoft Defender ATP in USM Anywhere.

To enable the AlienApp for Microsoft Defender ATP

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. Click the Microsoft Defender ATP tile.

  4. Click the Settings tab.
  5. Enter the following items:

    • Defender Tenant ID
    • Application ID
    • Scope
    • Client Secret
  6. Click Save.
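
A pre-flight check for the four values entered in step 5, as an added example that is not part of the USM Anywhere documentation or the AlienApp's own code. It assumes the values are used in an OAuth 2.0 client-credentials request against the Azure AD v2.0 token endpoint; the function names and the sample values are hypothetical, and the scope shown is a placeholder.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_settings(tenant_id, application_id, scope, client_secret):
    """Return a list of problems with the four values; an empty list means they look plausible."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("Defender Tenant ID is not a GUID")
    if not GUID.fullmatch(application_id):
        problems.append("Application ID is not a GUID")
    if not scope.endswith("/.default"):
        problems.append("Scope does not end in /.default, which client credentials requires")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client Secret is empty or has leading/trailing whitespace")
    elif GUID.fullmatch(client_secret):
        problems.append("Client Secret is a GUID: probably the secret ID, not the secret value")
    return problems

def build_token_request(tenant_id, application_id, scope, client_secret):
    """Build the URL and form body of the client-credentials token request (no network I/O)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": application_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    return url, form.encode()

def request_token(tenant_id, application_id, scope, client_secret):
    """Live check (needs network): True if Azure AD issues a token for these values."""
    url, body = build_token_request(tenant_id, application_id, scope, client_secret)
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as resp:
            return "access_token" in json.load(resp)
    except urllib.error.HTTPError:
        return False  # Azure AD rejected the tenant, application, scope or secret

if __name__ == "__main__":
    # Constructed sample values, not real credentials; the scope host is a placeholder.
    sample = ("11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
              "https://defender-api.example/.default", "constructed~Secret.Value_123")
    print(check_settings(*sample))
    print(build_token_request(*sample)[0])
```

When running the live check, read the Client Secret from a prompt or a protected file rather than passing it on the command line, where it would land in shell history and process listings.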