All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Add-on for Microsoft Security and Microsoft URLs

foresterd
Loves-to-Learn
‎11-09-2023 06:01 AM

I just want to pose a quick question about the Microsoft API URLs that are used in the add-on.  At what point will the add-on be updated to reflect the new URL changes?  I had a conversation with a Microsoft engineer, and he mentioned that the following URLs may not work past Dec 31 2024:   

API_ADVANCED_HUNTING = "/api/advancedhunting/run"
API_ALERTS = "/api/alerts"
API_INCIDENTS = "/api/incidents

This link shows the difference between some of the old vs new urls :  Use the Microsoft Graph security API - Microsoft Graph v1.0 | Microsoft Learn

I know it's a while off.  However, it comes quick at times.  Just trying to understand the process so I can stay ahead of it.  Also, I have seen add-ons that have the option for legacy inputs and also for current.  It would be great to have an option like that before the URL switch for this add-on.

Labels (3)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...