Forum Discussion

dmarquesgn's avatar
dmarquesgn
Iron Contributor
Dec 13, 2022
Solved

Use Powershell to get data from Defender Advanced Hunting Queries

Hi, I have an advanced query on Defender to extract the number of vulnerabilities by it's severity type, which is this one: DeviceTvmSoftwareVulnerabilities | summarize count() by Vulnerabili...
Windows PowerShell
  • VasilMichev's avatar
    VasilMichev
    Dec 17, 2022
    403 is usually permissions - check the token as it's either expired or doesn't contain all relevant scopes.
dmarquesgn's avatar
dmarquesgn
Iron Contributor
Dec 16, 2022

VasilMichev 

Hi, I changed the request for this format:

$vulnUrl = ' { "query": "DeviceTvmSoftwareVulnerabilities | summarize count() by  VulnerabilitySeverityLevel" } '
$vulnUrlUri = 'https://graph.microsoft.com/beta/security/runHuntingQuery'
$vulnResponse = Invoke-WebRequest -Method POST -Uri $vulnUrlUri -Body $vulnUrl -Headers $headers -ErrorAction Stop

But I've got an error:

Invoke-WebRequest : The remote server returned an error: (403) Forbidden.

 

So I'm still missing something here. The permissions are supposed to be ok now. What am I still missing?

Thanks

VasilMichev's avatar
VasilMichev
MVP
Dec 17, 2022
403 is usually permissions - check the token as it's either expired or doesn't contain all relevant scopes.
  • dmarquesgn's avatar
    dmarquesgn
    Iron Contributor
    Dec 20, 2022
    Hi,
    That was the issue, an adjustment was needed, but now it's working fine.
    Thanks for the help, it was really valuable.

Resources