All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft 365 Defender Add-on for Splunk giving errors

Azeemering
Builder
‎11-10-2020 11:19 AM

Hello,

I am upgrading from the older Add-On for Windows defender to Microsoft 365 Defender Add-on for Splunk.

The clientid, secret en tenant are all working fine in the old app.

When I install the new Microsoft 365 Defender Add-on for Splunk and use the same credentials I get the error:

2020-11-10 19:27:40,873 ERROR pid=77556 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS_Defender/bin/ta_ms_defender/aob_py2/modinput_wrapper/base_modinput.py", line 128, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/microsoft_defender_atp_alerts.py", line 76, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/input_module_microsoft_defender_atp_alerts.py", line 54, in collect_events access_token = azauth.get_access_token(client_id, client_secret, authorization_server_url, resource, helper) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/azure/auth.py", line 21, in get_access_token raise e KeyError: 'access_token'

These Azure apps from Splunk are giving me a headache. I have the same with the Azure Add-On from Splunk. Why is Splunk making it so hard to upgrade reasonable straight forward apps?

Reply

Azeemering
Builder
‎11-26-2020 12:15 AM

Hi, I got it working after renewing the secrets at the MS side.

Reply

vikramyadav
Contributor
‎11-13-2020 05:57 AM

Hi @Azeemering,

After installation did you install an SSL certificate? If not then try to disable from SSL.verify=True to SSL.verify=False

--------------------------------------------------------

If this helps your like will be appreciated 😀

Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...