Re: ms:defender:vulnerability API input add

alexcybrill12 · ‎04-03-2024

Is it possible for the next version of the add-on to add MS defender vulnerabilty API calls to this add-on? Currently there is only "Microsoft defender for incident" and "Microsoft defender endpoint alert". We need another one add for "Microsoft Defender for Vulnerabilities" ---- Here's the API's below ---

Permissions needed
Collected data API call Permission needed

Machine info GET https://api.securitycenter.microsoft.com/api/machines Machine.Read.All
Full export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesExport Vulnerability.Read.All
Delta export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilityChangesByMachine Vulnerability.Read.All
Description of vulnerabilities POST https://api.security.microsoft.com/api/advancedhunting/run AdvancedHunting.Read.All

https://github.com/thilles/TA-microsoft-365-defender-threat-vulnerability-add-on?tab=readme-ov-file#...

richgalloway · ‎04-03-2024

Since that is a Splunk-supported add-on, you can request enhancements at https://ideas.splunk.com.

---
If this reply helps you, Karma would be appreciated.

ms:defender:vulnerability API input add

data

HTTP Event Collector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation