Installation Preview.

The following resources will be created or updated in your tenant.

Applications

Hunt&Hackett Secops Application

Hunt&Hackett's Secops application to fetch data directly to Secops

View Permissions
Resource         Permission                     Type
Microsoft Graph  DeviceManagementApps.Read.All  Role
Microsoft Graph  Directory.Read.All             Role
Microsoft Graph  SecurityEvents.Read.All        Role
Microsoft Graph  AuditLog.Read.All              Role

Hunt&Hackett EntraIDUsers Application

EntraID application to perform user response actions from the SOAR platform

View Permissions
Resource         Permission                     Type
Microsoft Graph  User.EnableDisableAccount.All  Role
Microsoft Graph  User.RevokeSessions.All        Role
Microsoft Graph  User.Read.All                  Role

Hunt&Hackett GraphApi Application

Hunt&Hackett Graph API application to fetch user authentication configuration data directly to SOAR

View Permissions
Resource         Permission                         Type
Microsoft Graph  UserAuthenticationMethod.Read.All  Role

Hunt&Hackett Threathunting Application

Hunt&Hackett Threathunting application to access Defender data for threat hunting purposes

View Permissions
Resource                     Permission                Type
Microsoft Threat Protection  AdvancedHunting.Read.All  Role
Microsoft Threat Protection  Incident.Read.All         Role

Hunt&Hackett Windows Defender ATP Application

Defender ATP Application to perform endpoint response actions from the SOAR platform

View Permissions
Resource            Permission                 Type
WindowsDefenderATP  File.Read.All              Role
WindowsDefenderATP  Ip.Read.All                Role
WindowsDefenderATP  Machine.CollectForensics   Role
WindowsDefenderATP  Machine.Isolate            Role
WindowsDefenderATP  Machine.ReadWrite.All      Role
WindowsDefenderATP  Machine.RestrictExecution  Role
WindowsDefenderATP  Machine.Scan               Role
WindowsDefenderATP  Machine.StopAndQuarantine  Role
WindowsDefenderATP  Url.Read.All               Role
WindowsDefenderATP  User.Read.All              Role
WindowsDefenderATP  Ti.ReadWrite               Role
WindowsDefenderATP  Vulnerability.Read.All     Role
WindowsDefenderATP  Software.Read.All          Role
WindowsDefenderATP  Machine.LiveResponse       Role
WindowsDefenderATP  Machine.Read.All           Role

Hunt&Hackett DefenderXDR Application

DefenderXDR application to fetch Defender365 incidents to the SOAR platform

View Permissions
Resource                     Permission                Type
Microsoft Threat Protection  AdvancedHunting.Read.All  Role
Microsoft Threat Protection  Incident.Read.All         Role
Microsoft Threat Protection  Incident.ReadWrite.All    Role
Microsoft Graph              ThreatHunting.Read.All    Role

Groups

huntandhackett service accounts Group

Group for service accounts used by Hunt & Hackett

Service Accounts

HuntandHackett SOC Security Account Service Account

Service account used to access the security portal

View Roles (1)
  • Security Operator

HuntandHackett Integration Test Account Service Account

Basic user service account used for automated end-to-end testing.

No roles assigned.

Conditional Access Policies

Hunt and Hackett - MDR Serviceaccounts IP Restriction Policy

Location Name: Hunt and Hackett Known IP