none
Microsoft Graph Security API - Issue with Authentication for https://graph.microsoft.com/beta/security/tiIndicators RRS feed

  • Question

  • Hi All

    I am trying to use Microsoft graph API threat Indicators API based on Azure sentinel recommended way of integrating threat intelligence sources for IOC ingestion to Sentinel Instance. I perform the following steps in linux curl to test the functionality :

    • Get the OAuth token from Microsoft using : 
    curl -X POST -d 'grant_type=client_credentials&client_id=[myClientId]&client_secret=[myAppSecret]&scope=openid profile ThreatIndicators.ReadWrite.OwnedBy' https://login.microsoftonline.com/[myTenantId]/oauth2/token
    
    • Using the received bearer token calling the following API: curl -X GET -H "Authorization: Bearer [access token]" https://graph.microsoft.com/beta/security/tiIndicators
    • I am receiving below mentioned error: 

    {
      "error": {
        "code": "InvalidAuthenticationToken",
        "message": "Access token validation failure. Invalid audience.",
        "innerError": {
          "request-id": "########################",
          "date": "2019-12-19T07:41:51"
        }
      }

    Anybody has Idea how to use this ? Main motive is to use graph API POST query to insert threat indicators in Azure Sentinel


    Deepanshu

    Friday, December 20, 2019 2:38 AM