Error retrieving logs when using Defender ATP (under Microsoft Module)

ismyhairnice · May 18, 2021, 1:06am

Hi all

I am trying to retrieve some Defender ATP logs from Azure using Microsoft Module and encountered error. Current Filebeat version is 7.12.

2021-05-10T13:01:17.495+0800    ERROR   [input.httpjson-cursor] v2/request.go:186 
error processing response: the requested root field is empty 
{"input_source": "https://api.securitycenter.windows.com/api/alerts", "input_url": "https://api.securitycenter.windows.com/api/alerts"}

I followed the instructions from https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-microsoft.html#_defender_atp_fileset_settings to setup and enter configuration settings accordingly.

And also the application api is granted with correct permissions.

Could anyone assist me on this?

system · June 15, 2021, 3:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error 403 Forbidden when connect to Microsoft Defender API Beats beats-module , filebeat	1	514	June 15, 2021
Can filebeat's o365 module fetch windows defender logs Beats filebeat	3	256	December 8, 2022
Filebeat ThreatIntel MISP Module Beats filebeat	3	669	June 25, 2021
Microsoft Filebeat Module - Lack of ECS utilization Beats ecs-elastic-common-schema , filebeat	7	452	October 25, 2022
Defender_atp module error message Beats filebeat	2	214	July 6, 2023

Error retrieving logs when using Defender ATP (under Microsoft Module)

Related topics