* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/)
* See the Graph Security AP...

# See the Graph Security API in Action at RSA Conference 2018

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fsee-graph-security-api-action-rsa-conference-2018%2F)  
[](https://twitter.com/share?text=See+the+Graph+Security+API+in+Action+at+RSA+Conference+2018&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fsee-graph-security-api-action-rsa-conference-2018%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F04%2Fsee-graph-security-api-action-rsa-conference-2018%2F&title=See+the+Graph+Security+API+in+Action+at+RSA+Conference+2018&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2018/04/see-graph-security-api-action-rsa-conference-2018/&ts=markdown)  
\[\](mailto:?subject=See the Graph Security API in Action at RSA Conference 2018)  
Link copied  
By [Vince Bryant](https://www.paloaltonetworks.com/blog/author/vince-bryant/?ts=markdown "Posts by Vince Bryant")  
Apr 17, 2018  
5 minutes  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)  
[Microsoft Intelligent Security Graph API](https://www.paloaltonetworks.com/blog/tag/microsoft-intelligent-security-graph-api/?ts=markdown)

Today, Microsoft announced the public preview of their [Microsoft Graph Security API](https://aka.ms/graphsecurityapi). The security API enables a single point of programmatic access to aggregated security insights from Microsoft and partner security solutions, as well as business information from other Microsoft Graph entities (Office 365, Azure Active Directory, Intune, and more) that can add high-value context to threat analysis.

Palo Alto Networks has built a proof-of-concept application to demonstrate our ability to consume alerts from the Graph API, enrich those alerts with additional threat intelligence from AutoFocus, and send alert notifications to the Graph API. This information has the potential to provide security teams with a holistic view of their environment, and enable more coordinated policy updates, to ensure a consistent security posture across the security portfolio. We will be demonstrating a proof of concept for these use cases at the Microsoft Intelligent Security Graph demo station at RSA (booth 3501 in the Moscone North Exhibit Hall).

Because Context Matters

Traditional security approaches are suited to protect against known threats, and adversaries get around these defenses by making slight changes to existing exploits and attack vectors. Microsoft and Palo Alto Networks actively hunt to identify these variants, new attack profiles, and IPs (indicators of comprise and attacks, collectively) being used by bad actors for attacks, exfiltration, and command and control.

You can minimize your exposure to these attacks by blocking at the network layer, and we have built a proof of concept to show how we can both add this additional contextual information to any alerts surfaced through the security API and take action on those alerts to block the attacker IPs and domains across all of the Palo Alto Networks next-generation firewalls deployed in your environment.

For the demo, we will showcase an application that uses the security API to poll alerts from multiple security solutions -- in this case, we'll focus on an alert from Azure Security Center. The alert is enriched with additional information from Panorama and AutoFocus, and action is taken to block the threat across all of the firewalls deployed within the customer environment. For this scenario:

1. Azure Security Center detects communication to a malicious IP address, likely a command-and-control center. The alert is surfaced in the Security Center, and our demo application via the security API.
2. Our demo application then correlates the alert with logs from Panorama to determine whether this attack has been detected by a firewall. The application also queries AutoFocus, our threat intelligence service, to pull all of the information we know about that attack: the attacker, the family of this attack, indicators of compromise, and known IPs and domains used by these attackers for their activities.
3. The demo application will then update the tags of the original alert, via the security API, with the threat intelligence from AutoFocus -- sharing these added insights with other security products that integrate with the Graph.
4. Finally, the demo application can then be used to block the malicious IPs associated with the attack. In the future, the security API will enable programmatic response, such as updating the policies on all your firewalls to block this traffic in the event they are not already configured to do so.

Today, you can create [automated playbooks](https://azure.microsoft.com/en-us/blog/security-center-playbooks-and-azure-functions-integration-with-firewalls/) to update your firewall policies via Panorama based on Security Center alerts. In the future, this orchestration will be enabled via the security API across providers and consumers connected to the Graph.

Give Me More Data!

The logical next question is how to enable alerting from Palo Alto Networks firewalls to feed into the Intelligent Security Graph. We have also developed a Palo Alto Networks Provider as part of this proof of concept. Applications and services consuming alert data through the security API can access alerts from our firewalls via the API and this provider. This provider could be extended in the future to enable more functions from the Panorama API, such as to implementing policy updates and blocking.

There are two components for this proof of concept: a provider application that acts as the intermediary between Panorama and the security API, and the Microsoft Graph Security API Demo App that is subscribed to our provider. To enable applications to subscribe to Palo Alto Networks alerts via the Graph, we did the following:

1. Register this demo provider with the Microsoft Security Graph.
2. Microsoft Graph Security API Demo App subscribes to notifications from our provider.
3. When new alerts are available, our demo provider will send a webhook notification to the Microsoft Demo App.
4. After receiving the notification that new alerts are available, Microsoft Demo App will query our provider to retrieve the security alerts.

What's Next?

Microsoft and Palo Alto Networks are working together to help our customers better defend against increasingly sophisticated attacks. In fact, we are one of the founding members of the [Microsoft Intelligent Security Association.](https://www.microsoft.com/en-us/security/association) We are partnering across multiple teams and products to share alerts and threat intelligence to enable faster detection, remediation, and prevention so your organization can stay ahead of these attacks. The proofs of concept demonstrated here at RSA are just the first steps in our collaboration.

Stop by the Microsoft booth, #3501, in the Moscone North Exhibit Hall to view these demos in action, and you can learn more about Palo Alto Networks just a few feet away at booth #3715. You can also learn more information about the Microsoft Graph Security API by following this [link](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/17/connect-to-the-intelligent-security-graph-using-a-new-api).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42.paloaltonetworks.com)

[#### Introducing Unit 42 Managed XSIAM 2.0](https://www.paloaltonetworks.com/blog/2026/02/introducing-unit-42-managed-xsiam-2-0/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Threat Research](https://www.paloaltonetworks.com/blog/category/threat-research/?ts=markdown), [Unit 42](https://unit42.paloaltonetworks.com)

[#### Top Three Ways Organizations Were Unprepared for Cyberattacks in 2023](https://www.paloaltonetworks.com/blog/2024/11/top-three-ways-organizations-were-unprepared-for-cyberattacks-in-2023/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### GenAI in Cybersecurity --- Threats and Defenses](https://www.paloaltonetworks.com/blog/2024/10/genai-in-cybersecurity-threats-and-defenses/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Five Misconceptions About Secure Web Gateways](https://www.paloaltonetworks.com/blog/sase/five-misconceptions-about-secure-web-gateways/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Playbook of the Week: Responding to Zero-Day Threats](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-responding-to-zero-day-threats/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks](https://www.paloaltonetworks.com/blog/2018/01/palo-alto-networks-protections-wanacrypt0r-attacks/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language