NewMicrosoft Purview · Microsoft Defender
Microsoft Purview: Data Loss Prevention – Enrich Defender alerts Graph API with DLP event data
Graph API for Defender alerts will be enriched with DLP event data, enabling easier integration with SIEM tools, automated workflows, and custom reporting by consolidating previously siloed alert and DLP rule match data.
Key dates
- — preview (Currently in development; preview timing not specified)
Microsoft's description
Enhance current API infrastructure to provide easy and simple way for customers to export data to integrate with SIEM tools, create automated workflows and generate customizable reports. Today alert data is present in Graph API and DLP rule match event details are present in Management API. This work enriches the graph API with DLP event data to make correlation and integration easy for customers.