To integrate Microsoft Azure Security Center with QRadar, complete the following steps:
In the event that programmed refreshes are not empowered, RPMs are accessible for download from the IBM support site (http://www.ibm.com/support> . Download and introduce the latest variant of the accompanying RPMs on your QRadar Console:
Microsoft Azure Security Center DSM RPM
Microsoft Graph Security API Protocol DSM
Arrange Microsoft Azure Security Center to send occasions to QRadar. For more data see, Export security cautions and suggestions https://docs.microsoft.com/en-us/purplish blue/security-focus/consistent product> .
Significant: QRadar upholds occasions just from the Microsoft Azure Security Center supplier. Occasions shipped off QRadar should have "provider:ASC" or "provider":"Azure Security Center" in the payload.
Add a Microsoft Azure Security Center log source on the QRadar Console.
