Deepanshu_Marwah
Dec 20, 2019
Solved

Microsoft Graph Security API - Issue with https://graph.microsoft.com/beta/security/tiIndicators

Hi All

I am trying to use the Microsoft Graph API threat indicators API, based on the Azure Sentinel recommended way of integrating threat intelligence sources for IOC ingestion into a Sentinel instance. I perform the following steps with curl on Linux to test the functionality:

  • Get the OAuth token from Microsoft using:
curl -X POST -d 'grant_type=client_credentials&client_id=[myClientId]&client_secret=[myAppSecret]&scope=openid profile ThreatIndicators.ReadWrite.OwnedBy' https://login.microsoftonline.com/[myTenantId]/oauth2/token
  • Using the received bearer token, call the following API:
curl -X GET -H "Authorization: Bearer [access token]" https://graph.microsoft.com/beta/security/tiIndicators
  • I am receiving the error shown below:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "request-id": "########################",
      "date": "2019-12-19T07:41:51"
    }
  }
}

Does anybody have an idea how to use this? The main motive is to use a Graph API POST query to insert threat indicators in Azure Sentinel.

  • Ofer_Shezaf 

    Hi Ofer

    We received the answer on the Stack Overflow channel. FYI, please refer to the link below for the solution:

    https://stackoverflow.com/a/59419650/8664718 
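
Added example (not part of the original thread and not taken from the linked Stack Overflow answer): a Python diagnostic for the "Invalid audience" error that decodes an access token's claims and reports whether `aud` targets Microsoft Graph and whether `roles` carries the permission named in the post. The accepted-audience set, the function names and the sample tokens are assumptions constructed for illustration, and the token signature is not verified.

```python
import base64
import json

# Assumption: values Microsoft Graph accepts in the `aud` claim,
# its resource URI and its well-known application ID.
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}
REQUIRED_ROLE = "ThreatIndicators.ReadWrite.OwnedBy"  # permission named in the post

def _b64url(segment):
    """Decode a base64url segment whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url(parts[1]))

def diagnose(token):
    """List token problems relevant to the tiIndicators call: audience and app role."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    problems = []
    if not any(a in GRAPH_AUDIENCES for a in audiences):
        # Token was issued for another resource. Request it for Graph instead:
        #   v1 endpoint   (/oauth2/token):      resource=https://graph.microsoft.com
        #   v2.0 endpoint (/oauth2/v2.0/token): scope=https://graph.microsoft.com/.default
        problems.append("invalid audience: %r" % (aud,))
    if REQUIRED_ROLE not in claims.get("roles", []):
        # App-only (client_credentials) tokens carry application permissions in `roles`.
        problems.append("missing role: " + REQUIRED_ROLE)
    return problems

def sample_token(aud, roles):
    """Build an unsigned token for the demo (constructed, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"aud": aud, "roles": roles}), "sig"])

if __name__ == "__main__":
    print(diagnose(sample_token("api://constructed-other-resource", [])))
    print(diagnose(sample_token("https://graph.microsoft.com", [REQUIRED_ROLE])))
```

Run `diagnose()` on the `access_token` value returned by the token request before calling `tiIndicators`; an empty list means the audience and role checks passed.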
