Merge branch 'master' into release-2.0.3
mstoro authored Apr 7, 2022
2 parents 2c8a518 + 07c2c88 commit 837acc3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion module_type.json.sample
Expand Up @@ -2,7 +2,7 @@
"title": "Microsoft Graph Security API",
"default_name": "Microsoft Graph Security API",
"short_description": "The Microsoft Graph Security API is an intermediary service that provides a single programmatic interface to connect multiple Microsoft Graph Security providers. Requests to the Microsoft Graph Security API are federated to all applicable security providers.",
"description": "Part of Microsoft Graph, the Microsoft Graph Security API integrates with security solutions from Microsoft and partners in a federated model; it can also be used in conjunction with other Microsoft Graph entities to gain additional context (for example, Office 365 and Azure AD). The API has multiple entities, including: \n- Alerts from multiple security solutions, each representing that potentially malicious activity has been detected within the organization. \n- Secure Score provides information about an organization’s security posture, including a numeric rating based on elements like the enabled security features in your environment and outstanding security risks. This score is available at the tenant level as well as at a specific control area, such as device, app, and identity, through Secure Score Control Profiles. Scores and profiles are available from each security provider that offers them—valuable information that can help guide vulnerability remediation actions based on the suggested actions available in each profile. By default, 90 days of data is retained. \n- Threat intelligence indicators refer to information about known threats, such as malicious IP addresses, domains, or URLs. Organizations can send their threat intelligence to targeted Microsoft services to enable custom detections.\n\n**Note:** The Microsoft Graph Security Relay uses Open Data Protocol (OData) filters (specifically the any lambda operator) while querying data from Microsoft Graph Security API. The Microsoft Graph Security API is a federation service that merges data from various Microsoft alert providers. As some providers do not support OData query filters (for example, Office 365 Security and Compliance and Microsoft Defender Advanced Threat Protection), alerts from those providers will not be included in the Microsoft Graph Security Relay output.",
"description": "Part of Microsoft Graph, the Microsoft Graph Security API integrates with security solutions from Microsoft and partners in a federated model; it can also be used in conjunction with other Microsoft Graph entities to gain additional context (for example, Office 365 and Azure AD). The API has multiple entities, including: \n- Alerts from multiple security solutions, each representing that potentially malicious activity has been detected within the organization. \n- Secure Score provides information about an organization’s security posture, including a numeric rating based on elements like the enabled security features in your environment and outstanding security risks. This score is available at the tenant level as well as at a specific control area, such as device, app, and identity, through Secure Score Control Profiles. Scores and profiles are available from each security provider that offers them—valuable information that can help guide vulnerability remediation actions based on the suggested actions available in each profile. By default, 90 days of data is retained. \n- Threat intelligence indicators refer to information about known threats, such as malicious IP addresses, domains, or URLs. Organizations can send their threat intelligence to targeted Microsoft services to enable custom detections.",
"tips": "When configuring Microsoft Graph Security API integration, you must create an app in the [Azure Portal](https://portal.azure.com/). After this is complete, you then add the Microsoft Graph Security API integration module in SecureX.\n\n1. Register an application with the Microsoft identity platform. For details, see [Register an application with the Microsoft identity platform endpoint](https://docs.microsoft.com/en-us/graph/security-authorization#register-an-application-with-the-microsoft-identity-platform-endpoint).\n2. In SecureX, complete the **Add New Microsoft Graph Security API Integration Module** form:\n - **Integration Module Name** - Leave the default name or enter a name that is meaningful to you.\n - **Application ID**, **Tenant ID**, and **Client Secret** - Enter the account information from your Microsoft Graph Security API credentials.\n - **Entities Limit** - Specify the maximum number of sightings in a single response, per requested observable (must be a positive value). We recommend that you enter a limit in the range of 50 to 1000. The default is 100 entities.\n\n 4. Click **Save** to complete the Microsoft Graph Security API integration module configuration.",
"external_references": [
{
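Review bot: the new `description` value drops the closing **Note:** paragraph with nothing in its place, so the module text no longer tells users that the Relay queries with OData filters (the any lambda operator) and that alerts from providers that do not support them (Office 365 Security and Compliance and Microsoft Defender Advanced Threat Protection are the examples given) are left out of the Relay output. If that filtering behaviour is unchanged, keep the note, because without it an analyst can read an empty result as "no alerts" when it actually means "provider not covered". If the behaviour did change, say so in the commit message, which currently records only the merge. Separately, in the unchanged `tips` line the numbered steps run 1, 2, then 4; renumber the last step to 3.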