Forum Discussion

mdenning's avatar
mdenning
Copper Contributor
Jun 29, 2022

Connecting to defenders account with python

Hello, I am very new to using some of the features that Microsoft Azure and Defender for cloud app has to follow.  Currently, I have some credentials which log me into a Microsoft Defender for cloud apps account.  When I am logged in I have access to a few urls that lead to json data.  I am trying to write a python program which can access the data in these urls.  I have been trying to do this for about a week and have had no luck.  At first I thought I could just sign into account using the credentials and the request library but I could never get the sign in to work.  I then began doing some research on the features the Microsoft accounts have to offer and it seems like there might be some way to connect a program as an app, or connect an aws ec2 which would allow me to get access.  I messed around on the accounts a little but I don't really know what I am doing.  I was wondering if anyone could point me in the right direction (like relevant documentation or some tips on how to connect).  I feel like this should be a simple task but it has been giving me a lot of trouble.  Thanks!

3 Replies

  • Hi,

    For MDCA there are a few different ways you can connect to the REST endpoints.

    You can create an application in AAD and then use client secret/client ID to exchange for an access token which then needs to be added to the HTTP request header. This is the newer method and here are a couple of articles that talk more about it.

    https://docs.microsoft.com/en-us/defender-cloud-apps/api-authentication-application
    https://github.com/AzureAD/microsoft-authentication-library-for-python

    There is a second legacy method using an API key which is generated in the MDCA portal. In this case the token stays static.

    https://docs.microsoft.com/en-us/defender-cloud-apps/api-tokens-legacy
    • mdenning's avatar
      mdenning
      Copper Contributor

      Keith_Fleming 

       

      Thanks for the response!  I have looked into both methods some.  The second legacy method seems more appealing to me as the first seems like it wants the user to set a time limit for the credentials, which I don't really want to do (as well as the second method looks simpler).  I have generated the static token by following the directions in the link to the documentation, but don't really know what to do next.  Do I still need to use the Microsoft authentication library for python to access the data if I use this method?  I tried using the token in the requests library to access the data, but I haven't gotten it to work.  Thanks for you help so far!

      • mdenning's avatar
        mdenning
        Copper Contributor
        Neverminded, I think I got it work work. I just needed to make a get request with the request python library to the url I wanted and supply the token in the header as {"Authorization": "Token <token_here>"}. Thanks!

Resources