Hi all.
I have come up with an idea of syncing both Defender and Rapid7 alerts. I mean to say, our organization is maintaining both Defender and the Rapid7 SIEM for alert and investigation management. Now the issue is, we have some alerts (the same alert) getting triggered in both Rapid7 and Defender, and our analysts are investigating them in Defender while leaving the Rapid7 investigations in their original state with no comments or notes. Since our primary SIEM is Rapid7, we don’t want to suppress this in Rapid7; instead we want to sync Rapid7 and Defender. So, whenever the analysts modify the alerts in Defender, that should be reflected in the Rapid7 SIEM as well, automatically.
Does any capability for this use case already exist in Rapid7? Like any plugins we have? Or do we need to separately build automation with HTTP requests and custom API calls?
Need your help on this.
Thank You!!
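One way to build the "custom API calls" option described in the post, as an added example that is not part of the original post and not Rapid7's or Microsoft's code: a one-way sync that reads analyst changes on Defender alerts and mirrors them onto the matching InsightIDR investigation. Everything here is an assumption for illustration: the InsightIDR endpoint paths and status vocabulary (`OPEN`/`INVESTIGATING`/`CLOSED`), the Defender alert field names (`status`, `assignedTo`, `lastUpdateTime`, `comments`), the correlation rule (the Defender alert id appears in the investigation title), and the sample alerts and investigations, which are constructed. The planning step is a pure function with no I/O, so the job can be dry-run and unit-tested before it writes anything into the primary SIEM, and a per-alert watermark on `lastUpdateTime` keeps it idempotent so the same note is not re-posted on every run.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed mapping from Defender alert status to InsightIDR investigation status.
DEFENDER_TO_IDR_STATUS = {"New": "OPEN", "InProgress": "INVESTIGATING", "Resolved": "CLOSED"}


@dataclass(frozen=True)
class Update:
    investigation_id: str
    status: Optional[str]   # None when the investigation already has the wanted status
    comment: Optional[str]  # None when the alert carries no analyst note


def find_investigation(alert: dict, investigations: List[dict]) -> Optional[dict]:
    """Correlate a Defender alert with an InsightIDR investigation.

    Assumption: the Defender alert id is embedded in the investigation title.
    Any stable shared key works; matching on alert name alone would be ambiguous
    because one detection name covers many distinct alerts."""
    for inv in investigations:
        if alert["id"] in inv.get("title", ""):
            return inv
    return None


def plan_sync(alerts: List[dict], investigations: List[dict],
              watermarks: Dict[str, str]) -> List[Update]:
    """Decide which investigations need changing; performs no I/O.

    watermarks maps alert id -> lastUpdateTime already pushed to InsightIDR.
    An alert is re-examined only when Defender reports a newer update, which
    makes repeated runs idempotent (no duplicate notes, no redundant PATCHes)."""
    updates: List[Update] = []
    for alert in alerts:
        # ISO-8601 timestamps in one format compare correctly as strings.
        if alert.get("lastUpdateTime", "") <= watermarks.get(alert["id"], ""):
            continue  # nothing changed since the last sync
        inv = find_investigation(alert, investigations)
        if inv is None:
            continue  # alert exists only in Defender; nothing to mirror
        wanted = DEFENDER_TO_IDR_STATUS.get(alert.get("status"))
        status = wanted if wanted and wanted != inv.get("status") else None
        note = (alert.get("comments") or [{}])[-1].get("comment")
        comment = f"[Defender sync] {alert.get('assignedTo')}: {note}" if note else None
        if status or comment:
            updates.append(Update(inv["id"], status, comment))
    return updates


def apply_updates(updates: List[Update], send: Callable[[str, str, dict, dict], dict],
                  base_url: str, api_key: str) -> List[dict]:
    """Push each Update through send(method, url, headers, body) -> dict.

    Endpoint shapes are assumptions about InsightIDR: PATCH a v2 investigation
    to change its status, POST a v1 comment to attach the analyst's note."""
    headers = {"X-Api-Key": api_key, "Content-Type": "application/json"}
    results = []
    for u in updates:
        if u.status:
            results.append(send("PATCH", f"{base_url}/idr/v2/investigations/{u.investigation_id}",
                                headers, {"status": u.status}))
        if u.comment:
            results.append(send("POST", f"{base_url}/idr/v1/comments",
                                headers, {"target": u.investigation_id, "body": u.comment}))
    return results


def dry_run_send(method: str, url: str, headers: dict, body: dict) -> dict:
    """Offline stand-in for an HTTP client that just records what would be sent.
    In production this would be replaced by a real HTTP call with a timeout."""
    return {"method": method, "url": url, "body": body}


# Constructed sample data (not real alerts or investigations).
SAMPLE_ALERTS = [
    {"id": "da637", "status": "Resolved", "assignedTo": "analyst@example.com",
     "lastUpdateTime": "2024-05-02T10:15:00Z",
     "comments": [{"comment": "Benign admin tool, closed.", "createdBy": "analyst@example.com"}]},
    {"id": "da999", "status": "New", "assignedTo": None,
     "lastUpdateTime": "2024-05-02T09:00:00Z", "comments": []},
]
SAMPLE_INVESTIGATIONS = [
    {"id": "inv-1", "title": "Defender alert da637 - suspicious PowerShell", "status": "OPEN"},
    {"id": "inv-2", "title": "Defender alert da999 - new process", "status": "OPEN"},
]

if __name__ == "__main__":
    plan = plan_sync(SAMPLE_ALERTS, SAMPLE_INVESTIGATIONS, watermarks={})
    for call in apply_updates(plan, dry_run_send, "https://us.api.insight.rapid7.com", "PLACEHOLDER_KEY"):
        print(call)
```

Only the closed alert with a note produces work (one status PATCH and one comment POST); the alert that is still `New` and already `OPEN` in InsightIDR is skipped. After a successful push the caller records each alert's `lastUpdateTime` in `watermarks` and persists that store, so a rerun with the same data plans nothing. Keeping the sync one-way (Defender into Rapid7) avoids the echo loop that a bidirectional sync would need extra bookkeeping to prevent.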