Error 403 Forbidden when connect to Microsoft Defender API

Hi all

I am trying to connect to Microsoft Defender API using Elastic Filebeat. I followed the instructions here register a new application with granted permission.

However, when trying to call the api, i encountered this message:

Error while processing http request: failed to execute http [client.Do]( server responded with status code 403:
{"error":{"code":"Forbidden","message":"The application does not have any of the required application permissions
(Alert.ReadWrite.All, Alert.Read.All, Incident.ReadWrite.All, Incident.Read.All) to access the resource.","target":<target id>}}
{"input_source": "", "input_url": ""}

Can anyone assist me on this ?

Filebeat version: 7.12

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.