Error 403 Forbidden when connect to Microsoft Defender API

Hi all

I am trying to connect to Microsoft Defender API using Elastic Filebeat. I followed the instructions here https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide register a new application with granted permission.

However, when trying to call the api, i encountered this message:

Error while processing http request: failed to execute http [client.Do](http://client.do/): server responded with status code 403:
{"error":{"code":"Forbidden","message":"The application does not have any of the required application permissions
(Alert.ReadWrite.All, Alert.Read.All, Incident.ReadWrite.All, Incident.Read.All) to access the resource.","target":<target id>}}
{"input_source": "https://api.security.microsoft.com/api/incidents", "input_url": "https://api.security.microsoft.com/api/incidents"}

Can anyone assist me on this ?

Filebeat version: 7.12

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.