Microsoft Graph Security App Now on Cortex

Mar 06, 2019
3 minutes

We are proud to bring together two of the most powerful APIs and data sharing ecosystems with the release of the Microsoft Graph Security app for Cortex by Palo Alto Networks. This compelling combination allows customers to share data between the Palo Alto Networks platform and Microsoft apps and services, providing unprecedented context, coordinated alerting, and simplified response workflows.


Get more from your data

With the Microsoft Graph Security app, customers can use combined data from Palo Alto Networks and Microsoft to unlock new security insights to protect their organization. Now, customers can aggregate and correlate their data through a joint API interface, enabling prevention workflows across multiple security vendors and products.


How the app works

  • Centralize network, endpoint, and cloud alerts from the Cortex Data Lake and Microsoft through the Graph Security API.
  • Cross-reference alerts with third-party security tools through the Microsoft Graph for additional context.
  • Automatically stop threats on Palo Alto Networks infrastructure.


Build a story around threats

Traditionally, each threat is seen as an individual action by attackers requiring manual correlation across an array of independent security tools. The process is overwhelming, with multiple data formats, different threat scoring, and constant pivoting between dashboards. The Microsoft Graph Security app allows security teams to share data in a common format to build a cohesive story around threats, correlating actions to user profiles and devices in a single place for investigation and response.


Correlation in action: use case

Alerts generated from:

  • Azure Identity from a login tied to an unfamiliar location.
  • Palo Alto Networks next-generation firewall detects a visit to a malicious domain.
  • Windows Defender ATP finds malicious code being executed on the endpoint.

Individually, none of these alerts is particularly critical. With the Microsoft Graph Security app, unique alert context from Palo Alto Networks, Microsoft, and other vendors can be shared across the ecosystem, updating the alert status with real-time intelligence to help analysts make quick decisions. With a clear and coherent story of what happened to the user available to the security team, the separate alerts are clearly a critical threat: the attacker compromised a user in the network, visited a malicious domain, and is actively executing malicious code. Palo Alto Networks next-generation firewalls can seamlessly extend containment policies to isolate and quarantine the infected user, stopping the attack in its tracks.


Better together

We are excited that Microsoft is an early-stage partner in the Cortex ecosystem of apps. As a member of the Microsoft Intelligent Security Association, Palo Alto Networks and Microsoft are enabled to work together to better protect our mutual customers. This app allows customers to leverage a combination of security tools from Palo Alto Networks, Microsoft, and other vendors with confidence that it will all work together. For more information about the Microsoft Graph Security app and others available for Cortex, visit the Cortex hub.



Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.