How to connect the Microsoft Defender XDR event logs using the API?

Robbe Willeme
2024-08-12T14:42:15.0433333+00:00

I'm currently working on automating the deployment of a Microsoft Sentinel workspace using PowerShell scripts. So far, I have successfully used the Microsoft.SecurityInsights API to install solutions and enable analytic rules. Now, I am looking to connect various data connectors, particularly for Microsoft Defender XDR, using ARM templates.

I've been able to connect incidents and alerts, but I'm having difficulty automating the connection of specific event log tables (e.g., DeviceInfo, DeviceEvents, EmailEvents, etc.). I discovered that Azure uses a different API endpoint to connect these event logs when I configure it manually. But when trying to automate this process via the same API call that Azure uses, I received an error indicating that an application context cannot access the API and that a user context is required.

Is there a recommended approach to fully automate the process of connecting these event logs, or is user interaction necessary at some stage?

