I'm installing MS 365 Defender Addon using the guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender), and the "Self-Deployed Application - Client Credentials Flow" method.
I have registered the app in Azure, and configured the addon with the App data (App Id, Secret, Tenant Id...) as in the guide.
When I execute the "!microsoft-365-defender-auth-start" command, I get an error:
I have tested different values in the fields, but the command always returns this error.
How can I debug this error? Any clue?
Thanks for your help!!
If its still not resolved, May be best to create a support case.
For debugging, change the log level in the integration as well as application level to debug mode and try running this a few time.
You can check to see if there more info in the logs or attach the logs in support case.
mmmm may be this is the point, I'm testing.
Anyway, when executing the "microsoft-365-defender-advanced-hunting" command i get an error:
Invalid URL 'api-eu.security.microsoft.com/api/advancedhunting/run': No scheme supplied. Perhaps you meant http://api-eu.security.microsoft.com/api/advancedhunting/run?
Reading the doc (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-advanced-query-api?vi...), it says that the endpoint URL is "../api/advancedqueries/run", so I'm going to do some tests.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!