All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft 365 Defender Add-on for Splunk giving errors

Azeemering
Builder
‎11-10-2020 11:19 AM

Hello,

I am upgrading from the older Add-On for Windows defender to Microsoft 365 Defender Add-on for Splunk.

The clientid, secret en tenant are all working fine in the old app.

When I install the new Microsoft 365 Defender Add-on for Splunk and use the same credentials I get the error:

2020-11-10 19:27:40,873 ERROR pid=77556 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS_Defender/bin/ta_ms_defender/aob_py2/modinput_wrapper/base_modinput.py", line 128, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/microsoft_defender_atp_alerts.py", line 76, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/input_module_microsoft_defender_atp_alerts.py", line 54, in collect_events access_token = azauth.get_access_token(client_id, client_secret, authorization_server_url, resource, helper) File "/opt/splunk/etc/apps/TA-MS_Defender/bin/azure/auth.py", line 21, in get_access_token raise e KeyError: 'access_token'

These Azure apps from Splunk are giving me a headache. I have the same with the Azure Add-On from Splunk. Why is Splunk making it so hard to upgrade reasonable straight forward apps?

Reply

Azeemering
Builder
‎11-26-2020 12:15 AM

Hi, I got it working after renewing the secrets at the MS side.

Reply

vikramyadav
Contributor
‎11-13-2020 05:57 AM

Hi @Azeemering,

After installation did you install an SSL certificate? If not then try to disable from SSL.verify=True to SSL.verify=False

--------------------------------------------------------

If this helps your like will be appreciated 😀

Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...