User Profile
Emc
Former Employee
Joined Sep 19, 2019
Recent Discussions
Re: Powershell API Calls to Create Tags Failing with no Error Message
bellinghamlady Ok interesting - thank you for the clarification. The geo of the endpoint should be fine either way.

Interestingly, I also noticed some similar anomalies in my own requests, but I think my problem was slightly different from yours. For example, I would have a web request inside a conditional statement to filter for a specific set of machines in a domain, and add a tag to them. However, seemingly randomly, machines would be left out of the expected dataset when compared to the manual export, even though all requests were within the same loop function - that being said, all machines in my dataset always had their tag added successfully by the script, despite outliers being left out, which could indicate some trouble with the API itself. I'm not sure, I need to debug this particular issue more. Upon running the script multiple times, the outliers would eventually be picked up, which may further exclude the possibility that the script itself is buggy.

For clarification, I was working with small sets of requests of less than 50 machines each time, so no possibility of reaching the request limit.

2.2K Views, 0 likes, 0 Comments

Re: Powershell API Calls to Create Tags Failing with no Error Message
Hi bellinghamlady,

Thanks for sharing your question with us! In general, you’ll need to take the following steps to use the APIs:

- Create an AAD application
- Get an access token using this application
- Use the token to access Defender for Endpoint API

I believe the API endpoint may be expecting a token to be sent with each request. You must also add an app registration on the Azure AD tenant and give it permissions to authenticate with the API endpoint.

Can you post a screenshot of the output in your IDE? If there is a 200 code coming back from the endpoint then it doesn't necessarily indicate an authentication issue of course.

I'm currently writing an application which is doing a similar thing, here is how I'm doing it - you could try it this way and see if the behaviour changes:

```powershell
$tenantId  = ''   ### Paste your tenant ID (Azure AD Tenant ID) here
$appId     = ''   ### Paste your Application ID here
$appSecret = ''   ### Paste your Application key here

# $resourceAppIdUri and $oAuthUri are used below but were not defined in the post.
# Assumed values: the API host used in $url and the Azure AD v1 token endpoint.
$resourceAppIdUri = 'https://api.securitycenter.windows.com'
$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"

$authBody = [ordered]@{
    resource      = "$resourceAppIdUri"
    client_id     = "$appId"
    client_secret = "$appSecret"
    grant_type    = 'client_credentials'
}

Write-Host "Authenticating..."
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop

# Setting up a new variable which is referencing the access token attribute inside the authResponse.
Write-Host "Generating Token..."
$token = $authResponse.access_token

# This is our token object which we include in the web request headers.
$HeaderToken = @{ "Authorization" = "Bearer $token" }

# Now we have our token generated, we can create our request to change the tags
# and send it to the API endpoint. Tags are set per machine, so the request targets
# /api/machines/{id}/tags; $machineId is a placeholder that was not in the post.
$machineId = ''   ### Paste the machine ID here
$url = "https://api.securitycenter.windows.com/api/machines/$machineId/tags"
$JSONTAG = [ordered]@{ Action = "Add"; Value = "#######" } | ConvertTo-Json -Compress
$request = Invoke-WebRequest -Method Post -Uri $url -Headers $HeaderToken -Body $JSONTAG -ContentType 'application/json'
```

You can also use the Microsoft authentication library to generate credentials for the user who is running the script; that requires an additional PowerShell module to be imported and a different authentication function in the script. Within Azure AD, you also have various options to authenticate - I personally find the above method works well, especially if I want to abstract the permissions in the token I'm generating from the user or service who is running the script, which can then be controlled in Azure AD.

Further documentation: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/apis-intro

Let us know if this helps at all and if there are any further questions,

Best regards,

2.2K Views, 0 likes, 2 Comments
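The reply about machines being left out of the tagged set describes comparing a script run against a manual export. The following is an added example, not code from either post: it records one outcome per expected machine so an outlier can be attributed to the listing step or to the tag request. `Add-TagWithAudit`, its parameters, the `-Send` script block and all sample data are hypothetical and constructed; `id` and `computerDnsName` are properties of the Defender for Endpoint machine entity.

```powershell
function Add-TagWithAudit {
    param(
        [string[]]$ExpectedNames,   # machine names from the manual export
        [object[]]$ApiMachines,     # objects returned by the machines listing
        [string]$Tag,
        [scriptblock]$Send          # performs the POST and returns the HTTP status code
    )
    # Normalise names so case or stray whitespace in the export does not hide a match.
    $byName = @{}
    foreach ($m in $ApiMachines) { $byName[$m.computerDnsName.Trim().ToLowerInvariant()] = $m }

    foreach ($name in $ExpectedNames) {
        $m = $byName[$name.Trim().ToLowerInvariant()]
        if (-not $m) {
            # The machine never reached the request loop: a listing or filter problem.
            [pscustomobject]@{ Name = $name; Id = $null; Outcome = 'NotReturnedByApi'; Detail = '' }
            continue
        }
        try {
            $status  = & $Send $m.id $Tag
            $outcome = if ($status -eq 200) { 'Tagged' } else { 'UnexpectedStatus' }
            [pscustomobject]@{ Name = $name; Id = $m.id; Outcome = $outcome; Detail = "HTTP $status" }
        } catch {
            # Invoke-WebRequest throws on 4xx/5xx; keep the message instead of losing it.
            [pscustomobject]@{ Name = $name; Id = $m.id; Outcome = 'RequestFailed'; Detail = $_.Exception.Message }
        }
    }
}

# Constructed sample data: PC-02 is in the export but absent from the listing.
$export = 'PC-01.contoso.local', 'PC-02.contoso.local', 'PC-03.contoso.local'
$api = @(
    [pscustomobject]@{ id = 'constructed-id-1'; computerDnsName = 'pc-01.contoso.local' }
    [pscustomobject]@{ id = 'constructed-id-3'; computerDnsName = 'pc-03.contoso.local' }
)
# Stub sender so the example runs offline; it fails for one ID to show the error path.
$stub = {
    param($id, $tag)
    if ($id -eq 'constructed-id-3') { throw 'simulated request failure' }
    200
}
Add-TagWithAudit -ExpectedNames $export -ApiMachines $api -Tag 'Pilot' -Send $stub |
    Format-Table -AutoSize
```

For a live run, the stub would be replaced by a script block that posts to the machine's tags endpoint with the bearer token header and returns the response's `StatusCode`.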