Connecting to defenders account with python

Copper Contributor

Hello, I am very new to using some of the features that Microsoft Azure and Defender for cloud app has to follow.  Currently, I have some credentials which log me into a Microsoft Defender for cloud apps account.  When I am logged in I have access to a few urls that lead to json data.  I am trying to write a python program which can access the data in these urls.  I have been trying to do this for about a week and have had no luck.  At first I thought I could just sign into account using the credentials and the request library but I could never get the sign in to work.  I then began doing some research on the features the Microsoft accounts have to offer and it seems like there might be some way to connect a program as an app, or connect an aws ec2 which would allow me to get access.  I messed around on the accounts a little but I don't really know what I am doing.  I was wondering if anyone could point me in the right direction (like relevant documentation or some tips on how to connect).  I feel like this should be a simple task but it has been giving me a lot of trouble.  Thanks!

3 Replies
Hi,

For MDCA there are a few different ways you can connect to the REST endpoints.

You can create an application in AAD and then use client secret/client ID to exchange for an access token which then needs to be added to the HTTP request header. This is the newer method and here are a couple of articles that talk more about it.

https://docs.microsoft.com/en-us/defender-cloud-apps/api-authentication-application
https://github.com/AzureAD/microsoft-authentication-library-for-python

There is a second legacy method using an API key which is generated in the MDCA portal. In this case the token stays static.

https://docs.microsoft.com/en-us/defender-cloud-apps/api-tokens-legacy

@Keith_Fleming 

 

Thanks for the response!  I have looked into both methods some.  The second legacy method seems more appealing to me as the first seems like it wants the user to set a time limit for the credentials, which I don't really want to do (as well as the second method looks simpler).  I have generated the static token by following the directions in the link to the documentation, but don't really know what to do next.  Do I still need to use the Microsoft authentication library for python to access the data if I use this method?  I tried using the token in the requests library to access the data, but I haven't gotten it to work.  Thanks for you help so far!

Neverminded, I think I got it work work. I just needed to make a get request with the request python library to the url I wanted and supply the token in the header as {"Authorization": "Token <token_here>"}. Thanks!