This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

MS 365 Defender Integration Error

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MS 365 Defender Integration Error

Go to solution
MTubia
L1 Bithead

‎01-10-2023 04:18 PM

Hi,

 

I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method.

 

I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide.

 

When I execute the "!microsoft-365-defender-auth-start" command, I get an error:

 

MTubia_0-1673396136905.png

 

I have tested different values in the fields, but the command always returns this error.

 

How can I debug this error? Any clue?

 

Thanks for your help!!

Regards,

M.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
EnesOzdemir
L3 Networker

‎01-18-2023 01:17 AM

That's for defender for endpoint. see https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-advanced-hunting?view=o365-wor...

 

View solution in original post

0 Likes Likes
6 REPLIES 6

Go to solution
sramesh-7
L2 Linker

‎01-17-2023 07:15 PM

Hi , 


If its still not resolved, May be best to create a support case. 

For debugging, change the log level in the integration as well as application level to debug mode and try running this a few time.

You can check to see if there more info in the logs or attach the logs in support case.

0 Likes Likes

Go to solution
EnesOzdemir
L3 Networker

‎01-18-2023 12:29 AM

For client credential flow you don't have to run that command, the integration should be ready to pull incidents. AFAIK auth-start starts the device code flow

 

0 Likes Likes

Go to solution
EnesOzdemir
L3 Networker

‎01-18-2023 12:30 AM

Also don't forget to check the box where it says self deployed in the integration configuration

 

0 Likes Likes

Go to solution
MTubia
L1 Bithead
In response to EnesOzdemir

‎01-18-2023 12:51 AM

mmmm may be this is the point, I'm testing.

Anyway, when executing the "microsoft-365-defender-advanced-hunting" command i get an error:

Invalid URL 'api-eu.security.microsoft.com/api/advancedhunting/run': No scheme supplied. Perhaps you meant http://api-eu.security.microsoft.com/api/advancedhunting/run?

Reading the doc (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-advanced-query-api?vi...), it says that the endpoint URL is "../api/advancedqueries/run", so I'm going to do some tests.

 

Thanks.

Regards.

M.

0 Likes Likes

Go to solution
EnesOzdemir
L3 Networker

‎01-18-2023 01:17 AM

That's for defender for endpoint. see https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-advanced-hunting?view=o365-wor...

 

0 Likes Likes

Go to solution
MTubia
L1 Bithead
In response to EnesOzdemir

‎01-18-2023 01:21 AM

Really, I'm getting crazy with O365 APIs...

Thanks for your help, I go on with testing 🙂

0 Likes Likes
  • 1 accepted solution
  • 2044 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks