Error 403 Forbidden when connect to Microsoft Defender API

ismyhairnice · May 18, 2021, 6:00am

Hi all

I am trying to connect to Microsoft Defender API using Elastic Filebeat. I followed the instructions here https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide register a new application with granted permission.

However, when trying to call the api, i encountered this message:

Error while processing http request: failed to execute http [client.Do](http://client.do/): server responded with status code 403:
{"error":{"code":"Forbidden","message":"The application does not have any of the required application permissions
(Alert.ReadWrite.All, Alert.Read.All, Incident.ReadWrite.All, Incident.Read.All) to access the resource.","target":<target id>}}
{"input_source": "https://api.security.microsoft.com/api/incidents", "input_url": "https://api.security.microsoft.com/api/incidents"}

Can anyone assist me on this ?

Filebeat version: 7.12

system · June 15, 2021, 8:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error retrieving logs when using Defender ATP (under Microsoft Module) Beats beats-module , filebeat	1	335	June 15, 2021
Secure user for Beats (lowest privileges as possible) Elasticsearch elastic-stack-security	1	602	April 30, 2020
Filebeat O365 Module, API proxy support Beats filebeat	2	826	September 1, 2020
403 Forbidden when trying to send logs using Filebeat Beats filebeat	1	526	August 18, 2021
Filebeat - o365 module Error, api error:AF20051 Beats filebeat	1	1224	July 20, 2020

Error 403 Forbidden when connect to Microsoft Defender API

Related topics