Error retrieving logs when using Defender ATP (under Microsoft Module)

Hi all

I am trying to retrieve some Defender ATP logs from Azure using Microsoft Module and encountered error. Current Filebeat version is 7.12.

2021-05-10T13:01:17.495+0800    ERROR   [input.httpjson-cursor] v2/request.go:186 
error processing response: the requested root field is empty 
{"input_source": "https://api.securitycenter.windows.com/api/alerts", "input_url": "https://api.securitycenter.windows.com/api/alerts"}

I followed the instructions from https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-microsoft.html#_defender_atp_fileset_settings to setup and enter configuration settings accordingly.

And also the application api is granted with correct permissions.

Could anyone assist me on this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.