401 Error for Microsoft Add-on Splunk Graph Security

Muhammad Ahmad Gul 0 Reputation points
2023-04-25T06:21:49.8933333+00:00

Hi, the issue I'm facing is that the Microsoft Add-on for Graph Security for Splunk has not been working since Sunday, i.e. 23 April 2023. Until Saturday the GraphSecurityLogs were being fetched successfully via the API calls, which means the client secret etc. was all working well. But since Sunday I've been seeing 401 messages when the API call (POST oauth token) is made to https://login.microsoftonline.com:443, and subsequently a KeyError: "access_token" message is in the internal logs of the add-on. Due to this I'm not getting GraphSecurityAlert logs anymore. Is there any change or issue that is going on, or can anyone suggest steps to solve the issue?

Microsoft Security | Microsoft Graph

1 answer

  1. Antonio 255 Reputation points Microsoft External Staff
    2023-04-25T20:30:40.07+00:00

    Hi Muhammad Ahmad Gul,

    According to Splunk, this is currently a known issue for Exchange (other related Office 365 services); see the post in the Splunk forum.

    If further details are needed, see the Splunk forum/support, as some suggestions have been added there for workarounds and mitigation for Splunk users.
    Issues fetching Exchange Online message tracking logs (HTTP 401 Client Error) since 1.4.2023

    Release notes for the Splunk Add-on for Microsoft Office 365

    UPDATE: According to the 3rd-party forum, see below.

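A `KeyError: "access_token"` right after a 401 is what results when code indexes the token response without checking for an error first, which hides the reason the endpoint gave. The sketch below is an added example, not the add-on's code and not part of the posts above: it reads the OAuth error fields (`error`, `error_description`, `correlation_id`) from the response body so the log carries the actual cause. The function name, exception class and sample bodies are constructed for illustration.

```python
import json


class TokenRequestError(Exception):
    """Raised when the token endpoint reply carries no usable access token."""

    def __init__(self, status, error, description, correlation_id=None):
        self.status = status
        self.error = error
        self.description = description
        self.correlation_id = correlation_id
        super().__init__(f"token request failed: HTTP {status} {error}: {description}"
                         f" (correlation_id={correlation_id})")


def parse_token_response(status_code, body_text):
    """Return the access token, or raise TokenRequestError with the endpoint's diagnostics.

    Only the response is inspected; the request body holds client_secret and
    must never be written to logs.
    """
    try:
        payload = json.loads(body_text)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        # Proxy error pages and empty bodies are not JSON objects.
        payload = {}
    token = payload.get("access_token")
    if status_code == 200 and isinstance(token, str) and token:
        return token
    raise TokenRequestError(
        status_code,
        payload.get("error", "unknown_error"),
        payload.get("error_description", body_text[:200]),
        payload.get("correlation_id"),
    )


# Constructed sample bodies (not captured from the add-on or from a real tenant).
SAMPLE_OK = '{"token_type": "Bearer", "expires_in": 3599, "access_token": "constructed-token"}'
SAMPLE_401 = ('{"error": "invalid_client", '
              '"error_description": "constructed sample: client authentication failed", '
              '"correlation_id": "00000000-0000-0000-0000-000000000000"}')

if __name__ == "__main__":
    print(parse_token_response(200, SAMPLE_OK))
    try:
        parse_token_response(401, SAMPLE_401)
    except TokenRequestError as exc:
        print(exc)
```

The `correlation_id` surfaced in the exception is the value to quote when raising the failure with support.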
