All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft 365 Defender Add-on for Splunk giving errors

Azeemering
Builder
‎11-10-2020 11:19 AM

Hello,

I am upgrading from the older Add-On for Windows defender to Microsoft 365 Defender Add-on for Splunk.

The clientid, secret en tenant are all working fine in the old app.

When I install the new Microsoft 365 Defender Add-on for Splunk and use the same credentials I get the error:

2020-11-10 19:27:40,873 ERROR pid=77556 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS_Defender/bin/ta_ms_defender/aob_py2/modinput_wrapper/base_modinput.py", line 128, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/microsoft_defender_atp_alerts.py", line 76, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/input_module_microsoft_defender_atp_alerts.py", line 54, in collect_events access_token = azauth.get_access_token(client_id, client_secret, authorization_server_url, resource, helper) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/azure/auth.py", line 21, in get_access_token raise e KeyError: 'access_token'

These Azure apps from Splunk are giving me a headache. I have the same with the Azure Add-On from Splunk. Why is Splunk making it so hard to upgrade reasonable straight forward apps?

Reply

Azeemering
Builder
‎11-26-2020 12:15 AM

Hi, I got it working after renewing the secrets at the MS side.

Reply

vikramyadav
Contributor
‎11-13-2020 05:57 AM

Hi @Azeemering,

After installation did you install an SSL certificate? If not then try to disable from SSL.verify=True to SSL.verify=False

--------------------------------------------------------

If this helps your like will be appreciated 😀

Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...