This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 22%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello, I set up MDTI-Automated-Triage playbook via MiMicrosoft Defender Threat Intelligence.
But It does not work well. I attached error message at the bottom.
<Status>
1. I add "Microsoft Sentinel Contributor" role at MDTI-Base and MDTI-Automated-Triage Logic Apps
1. I set up "MDTI-Base" Logic Apps
1. I set up app that "ThreatIntelligence.Read.All" API Permissions
Error message
```json
{
"error": {
"code": "UnknownError",
"message": "{\"message\":\"Unable to retrieve organization data from Graph.\",\"requestID\":\"1435d451-092b-460b-\",\"error\":\"true\",\"status\":0}",
"innerError": {
"date": "2024-01-12T06:27:20",
"request-id": "555ee5fe-ac89b",
"client-request-id": "555ee5fe-ac89"
}
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @mara7 ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
@mara7
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Have you confirmed the API works in https://developer.microsoft.com/en-us/graph/graph-explorer , try https://graph.microsoft.com/beta/security/tiIndicators followed by your api to see if access is working.
Is it Right?
---Hello,
I tried https://graph.microsoft.com/beta/security/threatIntelligence/hosts('hostIP')/reputation
at https://developer.microsoft.com/en-us/graph/graph-explorer
But I got this result.
I just follow https://github.com/microsoftgraph/microsoft-graph-docs-contrib/blob/main/api-reference/beta/api/security-host-get.md this docs. But I don't know Why do I got this result.
@mara7
You need to sign in to Graph Explorer first to authenticate your account. Once you will sign in, you will see a pop up asking for consent to use some basic API and Graph Explorer will able to access data from your organization/tenant.
Then you need to provide ThreatIntelligence.Read.All permissions to Graph Explorer to get data using this API by clicking on Consent to permissions
Once consent has been provided, you can try to access to below API link https://graph.microsoft.com/beta/security/threatIntelligence/hosts('hostIP')/reputation Hope this will help.
Thanks,
Shweta