Hi all
I am trying to retrieve some Defender ATP logs from Azure using Microsoft Module and encountered error. Current Filebeat version is 7.12.
2021-05-10T13:01:17.495+0800 ERROR [input.httpjson-cursor] v2/request.go:186
error processing response: the requested root field is empty
{"input_source": "https://api.securitycenter.windows.com/api/alerts", "input_url": "https://api.securitycenter.windows.com/api/alerts"}
I followed the instructions from https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-microsoft.html#_defender_atp_fileset_settings to setup and enter configuration settings accordingly.
And also the application api is granted with correct permissions.
Could anyone assist me on this?