01-10-2023 04:18 PM
Hi,
I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method.
I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide.
When I execute the "!microsoft-365-defender-auth-start" command, I get an error:
I have tested different values in the fields, but the command always returns this error.
How can I debug this error? Any clue?
Thanks for your help!!
Regards,
M.
01-17-2023 07:15 PM
Hi,
If it's still not resolved, it may be best to create a support case.
For debugging, change the log level in the integration as well as application level to debug mode and try running this a few times.
You can check to see if there is more info in the logs or attach the logs in the support case.
01-18-2023 12:29 AM
For client credential flow you don't have to run that command; the integration should be ready to pull incidents. AFAIK auth-start starts the device code flow.
01-18-2023 12:30 AM
Also don't forget to check the box where it says self deployed in the integration configuration.
01-18-2023 12:51 AM
Mmmm, maybe this is the point, I'm testing.
Anyway, when executing the "microsoft-365-defender-advanced-hunting" command I get an error:
Invalid URL 'api-eu.security.microsoft.com/api/advancedhunting/run': No scheme supplied. Perhaps you meant http://api-eu.security.microsoft.com/api/advancedhunting/run?
Reading the doc (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-advanced-query-api?vi...), it says that the endpoint URL is "../api/advancedqueries/run", so I'm going to do some tests.
Thanks.
Regards.
M.
01-18-2023 01:17 AM
That's for Defender for Endpoint. See https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-advanced-hunting?view=o365-wor...
01-18-2023 01:21 AM
Really, I'm getting crazy with O365 APIs...
Thanks for your help, I go on with testing 🙂
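
The "No scheme supplied" error quoted in the thread is what a Python HTTP client reports when it is given a bare host and path. The following is an added example, not part of the thread and not the integration's own code, of validating a configured server URL before building the advanced-hunting endpoint. It assumes the base URL comes from a configuration field; the function names are hypothetical, and refusing plain http is a choice of this example.

```python
from urllib.parse import urlsplit, urlunsplit

# Path as it appears in the error message quoted in the thread.
HUNTING_PATH = "/api/advancedhunting/run"


def normalize_base_url(value: str) -> str:
    """Return 'https://host[:port]' for a configured server URL, or raise ValueError."""
    value = value.strip()
    if not value:
        raise ValueError("server URL is empty")
    # Without '//' urlsplit parses 'host/path' as a path only (empty scheme
    # and netloc), so a bare host gets the https scheme before parsing.
    if "://" not in value:
        value = "https://" + value
    parts = urlsplit(value)
    if parts.scheme != "https":
        # The API call carries a bearer token, so http is refused, not upgraded.
        raise ValueError(f"unsupported scheme {parts.scheme!r}, use https")
    if not parts.hostname:
        raise ValueError("server URL has no host")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the server URL")
    # Keep only scheme and host[:port]; any path, query or fragment is dropped.
    return urlunsplit(("https", parts.netloc.lower(), "", "", ""))


def hunting_endpoint(configured_url: str) -> str:
    """Build the advanced-hunting URL from whatever was typed into the config."""
    return normalize_base_url(configured_url) + HUNTING_PATH


if __name__ == "__main__":
    # Constructed sample inputs; the first is the value from the error message.
    for sample in ("api-eu.security.microsoft.com/api/advancedhunting/run",
                   "https://api-eu.security.microsoft.com/",
                   "http://api-eu.security.microsoft.com"):
        try:
            print(sample, "->", hunting_endpoint(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```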