Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Authentication issues Peter, One approach would be to request Delegated permissions for Graph SharePoint API calls and App Only permissions for Graph Security API calls. Your application would essentially be acting as a service when it retrieves security alerts, and using the user account your created when writing those alerts to the SharePoint list. Without knowing how your application is invoked I don't know if this option is feasible for you. It doesn't sound like the app is an interactive app since you've created a user which sounds like it's acting like a service account and reading and writing alerts. App Only seems like a viable option. Just make sure if the application is interactive, that it doesn't let regular users view security alerts when they otherwise wouldn't be able to. Re: How to trigger an alert / what generates an alert To trigger Azure Security Center alerts you can either create a custom rule in the ASC blade, or on an ASC protected VM, rename any .exe file to ASC_AlertTest_662jfi039N.exe. For Identity Protection, the easiest way I know to generate a test alert is to use the Tor browser to log in to your Microsoft services (Azure portal or O365 portal). This will generate an alert which says you logged in from an anonymous IP address. Re: Authentication issues Sajith, you need to ensure the application has been granted the required permissions by the tenant admin and if using delegated permissions you need to ensure the user has the right role in AAD which is either Global Admin, or one of the Limited Administrator roles of Security Reader and/or Security Writer.
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagEnrich Azure Sentinel security incidents with the RiskIQ Intelligence Connector Integrate the insights from RiskIQ Internet Intelligence Graph with Azure Sentinel incidents to provide your security operations with valuable context to supercharge your threat investigations...Using Azure Playbooks to import text-based threat indicators to Azure Sentinel Import threat indicators to Azure Sentinel from any text-based feed with Azure Logic App Playbooks. Bring your threat intelligence to Microsoft Sentinel Learn how to take full advantage of threat intelligence in Microsoft Sentinel.
