IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Microsoft Windows Defender ATP

    Posted Mon October 18, 2021 11:05 AM

    Log source fails with

    [WindowsDefenderATP-eu-....] WARN org.apache.commons.httpclient.HttpMethodDirector - Unable to respond to any of these challenges: {bearer=Bearer}

    Credentials work with MS supplied scripts when events are retrieved from:

    api.securitycenter.microsoft.com

    and NOT

    wdatp-alertexporter-us.windows.com or wdatp-alertexporter-eu.windows.com

    This suggests API endpoints changes are not implemented in the DSM?

    What needs to be done in QRadar to retrieve logs correctly, anyone?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Microsoft Windows Defender ATP

    Posted Mon October 18, 2021 11:15 AM

    API endpoints in this:

    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api?view=o365-worldwide

    are different from this:

    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-list?view=o365-worldwide

    What gives?



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Microsoft Windows Defender ATP

    Posted Fri June 10, 2022 02:41 PM

    Did you ever manage to resolve this. I am having the same issue



    #QRadar
    #Support
    #SupportMigration