Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Microsoft Graph Security API - Issue with https://graph.microsoft.com/beta/security/tiIndicators

Brass Contributor

Hi All

I am trying to use Microsoft graph API threat Indicators API based on Azure sentinel recommended way of integrating threat intelligence sources for IOC ingestion to Sentinel Instance. I perform the following steps in linux curl to test the functionality :

  • Get the OAuth token from Microsoft using : 
curl -X POST -d 'grant_type=client_credentials&client_id=[myClientId]&client_secret=[myAppSecret]&scope=openid profile ThreatIndicators.ReadWrite.OwnedBy' https://login.microsoftonline.com/[myTenantId]/oauth2/token

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "request-id": "########################",
      "date": "2019-12-19T07:41:51"
    }
  }

 

Anybody has Idea how to use this ? Main motive is to use graph API POST query to insert threat indicators in Azure Sentinel

3 Replies
best response confirmed by Ofer_Shezaf (Microsoft)
Solution

@Ofer_Shezaf 

Hi Ofer 

 

we received the answer in stack overflow channel. FYI please refer to below link for solution:

https://stackoverflow.com/a/59419650/8664718 

1 best response

Accepted Solutions
best response confirmed by Ofer_Shezaf (Microsoft)
Solution

@Ofer_Shezaf 

Hi Ofer 

 

we received the answer in stack overflow channel. FYI please refer to below link for solution:

https://stackoverflow.com/a/59419650/8664718 

View solution in original post