Re: ms:defender:vulnerability API input add

alexcybrill12 · ‎04-03-2024

Is it possible for the next version of the add-on to add MS defender vulnerabilty API calls to this add-on? Currently there is only "Microsoft defender for incident" and "Microsoft defender endpoint alert". We need another one add for "Microsoft Defender for Vulnerabilities" ---- Here's the API's below ---

Permissions needed
Collected data API call Permission needed

Machine info GET https://api.securitycenter.microsoft.com/api/machines Machine.Read.All
Full export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesExport Vulnerability.Read.All
Delta export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilityChangesByMachine Vulnerability.Read.All
Description of vulnerabilities POST https://api.security.microsoft.com/api/advancedhunting/run AdvancedHunting.Read.All

https://github.com/thilles/TA-microsoft-365-defender-threat-vulnerability-add-on?tab=readme-ov-file#...

richgalloway · ‎04-03-2024

Since that is a Splunk-supported add-on, you can request enhancements at https://ideas.splunk.com.

---
If this reply helps you, Karma would be appreciated.

ms:defender:vulnerability API input add

data

HTTP Event Collector

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?