Login
    Contents x
    Microsoft XDR
    • 01 Jul 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Microsoft XDR

    • Updated on 01 Jul 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Microsoft XDR is a unified security platform that integrates threat detection, investigation, and response capabilities across endpoints, email, identities, and cloud environments to provide holistic security visibility and protection.

    Setup and Configure

    1. Log on to Azure with a user account that has the Global Administrator role.

    2. Navigate to App registrations > New registration. The "Register an application" page/ window will appear. 

    3. Enter the application's registration information:

      1. In the ‘Name’ section, enter a meaningful application name that will be displayed to users.

      2. For ‘Supported account types’, click the Accounts in any organizational directory option.

      3. Set the ‘Redirect URI’ to http://localhost.

      4. Click on Register to create the application.

    4. From the app “Overview” page, copy the Application (client) ID and Directory (tenant) ID for later use.

    Add Endpoint Access

    Once the application is created, permissions should be provided in order to get data. The appropriate permissions to the application are needed in order to configure these endpoints. The following section details how to configure and add permissions to the required endpoints.

    Endpoints needed for Microsoft XDR

    Add Permissions

    To add permissions for the above endpoint outlined, from the Azure Active Directory portal:

    1. Select the application whose logs are to be accessed (the application registered earlier on this page).

    2. Click API Permissions, and then click Add a Permission. The “Request API permissions” window appears.

    3. Click on Microsoft Graph.

    4. Click on Application Permissions.

    5. The following permissions need to be granted for the endpoint to function properly:

      Endpoint Permissions

      Endpoint

      Permission

      /security/runHuntingQuery

      ThreatHunting.Read.All

      In the Select permissions search bar, enter the permission shown above, and check the box for each to include it.

    6. Click the Add permissions button after selecting all required permissions.

    7. On the “API permissions” page, click Grant Admin Consent for <tenant>.

    8. Click the Yes button on the consent confirmation. The required permissions are now added for the endpoints.

    Create the Client ID and Client Secret

    The last step in configuring the Graph API is creating a Client ID and Client Secret. To create these items, from the Azure Portal:

    1. Select the application created above.

    2. Click Certificates & secrets, and then Client secrets.

    3. Click New client secret. The “Add a client secret” window appears.

    4. Enter a Description for this client secret.

    5. Select the desired expiry period from the ‘Expires’ drop-list.

    6. Click Add.

    7. Copy the Value field, which will be used to initialize the beat.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence