diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png new file mode 100644 index 0000000000..037ca3b833 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/aruba-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png new file mode 100644 index 0000000000..03c731e2d6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bettermobile-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png new file mode 100644 index 0000000000..a04e552d0e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bitdefender-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bluehexagon-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/bluehexagon-logo.png new file mode 100644 index 0000000000..73c502b488 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bluehexagon-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png new file mode 100644 index 0000000000..be75af835c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/corrata-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cybermdx-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cybermdx-logo.png new file mode 100644 index 0000000000..90d32e2508 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cybermdx-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cyren-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/cyren-logo.png new file mode 100644 index 0000000000..155137e4fd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cyren-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png new file mode 100644 index 0000000000..7d3c2f51e4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/lookout-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png new file mode 100644 index 0000000000..39c75e6b09 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/misp-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png new file mode 100644 index 0000000000..a0a63ce9d6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/morphisec-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png new file mode 100644 index 0000000000..e0b5860da6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/nextron-thor-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png new file mode 100644 index 0000000000..fbd16e8c9c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/paloalto-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png new file mode 100644 index 0000000000..856c312fcd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/symantec-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png new file mode 100644 index 0000000000..f06fcc7589 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/threatconnect-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/vectra-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/vectra-logo.png new file mode 100644 index 0000000000..a7b6dbc9a9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/vectra-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/zimperium-logo.png b/windows/security/threat-protection/microsoft-defender-atp/images/zimperium-logo.png new file mode 100644 index 0000000000..5f5451d743 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/zimperium-logo.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index eadee9a3b6..0cced2f956 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -38,82 +38,71 @@ Microsoft Defender ATP seamlessly integrates with existing security solutions - Logo |Partner name | Description :---|:---|:--- -![Image of AttackIQ logo](images/attackiq-logo.png)| AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets -![Image of Azure Sentinel logo](images/sentinel-logo.png)|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel -![Image of Cymulate logo](images/cymulate-logo.png) | Cymulate| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions -![Image of Elastic security logo](images/elastic-security-logo.png) | Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats -![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP -![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | Micro Focus ArcSight | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections -![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | RSA NetWitness | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API -![Image of SafeBreach logo](images/safebreach-logo.png) |SafeBreach| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations -![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities -![Image of Splunk logo](images/splunk-logo.png) | Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk -![Image of XM Cyber logo](images/xmcyber-logo.png) | XM Cyber | Prioritize your response to an alert based on risk factors and high value assets. +![Image of AttackIQ logo](images/attackiq-logo.png)| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2103502) | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets +![Image of Azure Sentinel logo](images/sentinel-logo.png)| [AzureSentinel](https://go.microsoft.com/fwlink/?linkid=2135705) | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel +![Image of Cymulate logo](images/cymulate-logo.png) | [Cymulate](https://go.microsoft.com/fwlink/?linkid=2135574)| Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions +![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats +![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Microsoft Defender ATP +![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations +![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities +![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk +![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets. ### Orchestration and automation Logo |Partner name | Description :---|:---|:--- -![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | CyberSponse CyOps | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks -![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | Delta Risk ActiveEye | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform. ActiveEye -![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | Demisto, a Palo Alto Networks Company | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response -![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | Microsoft Flow & Azure Functions | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures -![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | Rapid7 InsightConnect | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes -![Image of ServiceNow logo](images/servicenow-logo.png) | ServiceNow | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration -![Image of Swimlane logo](images/swimlane-logo.png) | Swimlane | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks +![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye. +![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response +![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures +![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes +![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration +![Image of Swimlane logo](images/swimlane-logo.png) | [Swimlane](https://go.microsoft.com/fwlink/?linkid=2113902) | Maximize incident response capabilities utilizing Swimlane and Microsoft Defender ATP together +### Threat intelligence - - - - - - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - -![Image of logo](images/-logo.png) | - - - - - - - - -Partner name | Description |Category +Logo |Partner name | Description :---|:---|:--- -|AzureSentinel | Stream alerts from Microsoft Defender Advanced Threat Protection into Azure Sentinel |Security information and analytics -|Elastic Security | Elastic Security is a free and open solution for preventing, detecting, and responding to threats.|Security information and analytics -|AttackIQ Platform | AttackIQ Platform validates MDATP is configured properly by launching continuous attacks safely on production assets|Security information and analytics -|Skybox Vulnerability Control | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network threat context to uncover your riskiest vulnerabilities.|Security information and analytics -| Splunk | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk |Security information and analytics -|IBM QRadar | Configure IBM QRadar to collect detections from Microsoft Defender ATP |Security information and analytics -|Cymulate | Correlate Defender ATP findings with simulated attacks to validate accurate detection and effective response actions |Security information and analytics -| HP ArcSight |Use HP ArcSight to pull Microsoft Defender ATP detections |Security information and analytics -|SafeBreach | Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations|Security information and analytics -| RSA NetWitness| Steam Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API|Security information and analytics -| XM Cyber| Prioritize your response to an alert based on risk factors and high value assets.|Security information and analytics - Demisto, a Palo Alto Networks Company|Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response|Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation - |||Orchestration and automation -Palo Alto Networks |Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld|Threat intelligence -ThreatConnect | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP connectors |Threat intelligence -MISP (Malware Information Sharing Platform) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment| Threat intelligence - |||Network security - ||| Cross platform -||| Additional integrations - ||| Manages security service providers +![Image of MISP Malware Information Sharing Platform)logo](images/misp-logo.png) | [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2127543) | Integrate threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender ATP environment +![Image of Palo Alto Networks logo](images/paloalto-logo.png) | [Palo Alto Networks](https://go.microsoft.com/fwlink/?linkid=2099582) | Enrich your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender ATP using MineMeld +![Image of ThreatConnect logo](images/threatconnect-logo.png) | [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2114115) | Alert and/or block on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender ATP indicators + + + +### Network security +Logo |Partner name | Description +:---|:---|:--- +![Image of Aruba ClearPass Policy Manager logo](images/aruba-logo.png) | [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2127544) | Ensure Microsoft Defender ATP is installed and updated on each endpoint before allowing access to the network +![Image of Blue Hexagon for Network logo](images/bluehexagon-logo.png) | [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2104613) | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection +![Image of CyberMDX logo](images/cybermdx-logo.png) | [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2135620) | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender ATP environment +![Image of Vectra Network Detection and Response (NDR) logo](images/vectra-logo.png) |[Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=866934)| Vectra applies AI & security research to detect and respond to cyber-attacks in real time + + +### Cross platform +Logo |Partner name | Description +:---|:---|:--- +![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats +![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution - Protect your mobile devices with granular visibility and control from Corrata +![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices +![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices +![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense + + +## Additional integrations +Logo |Partner name | Description +:---|:---|:--- +![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Microsoft Defender ATP with advanced Web Filtering +![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information +![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats + + + ## SIEM integration Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md).