Hi all
I am trying to connect to Microsoft Defender API using Elastic Filebeat. I followed the instructions here https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide register a new application with granted permission.
However, when trying to call the api, i encountered this message:
Error while processing http request: failed to execute http [client.Do](http://client.do/): server responded with status code 403:
{"error":{"code":"Forbidden","message":"The application does not have any of the required application permissions
(Alert.ReadWrite.All, Alert.Read.All, Incident.ReadWrite.All, Incident.Read.All) to access the resource.","target":<target id>}}
{"input_source": "https://api.security.microsoft.com/api/incidents", "input_url": "https://api.security.microsoft.com/api/incidents"}
Can anyone assist me on this ?
Filebeat version: 7.12