hoffa2000
Participant

SecureX and Microsoft Graph API integration

Greetings

I'm trying to understand how this is supposed to work, the information given by Cisco seems limited at best. I have SecureX set up and running with our FTDs as the only integration so far and I'd like to add the ability to enrich with data from Microsoft Defender for Endpoint taken from Microsoft Graph API. For some reason SecureX requires me to host a Docker relay for this to work. Why doesn't SecureX give me the option to contact Microsoft API directly? Seems unfinished to me.

Anyway, getting the Docker relay running is no problem if you know Docker, but the next step, setting up the integration in the SecureX GUI, drives me mad. How do I create a JWT that's accepted by the integration? All my attempts using public tools on the web give me a string that SecureX says is missing either the correct format or some "custom_jwks_host", and there is nothing on the GitHub page about this.

Has anyone actually got this working?

Regards

Fredrik

2 REPLIES
ppreenja
Cisco Employee

Hi Fredrik,

Please post your query on the link below so that you can get a direct answer to your query:

https://gitter.im/CiscoSecurity/Threat-Response

Cheers,

Pratham

DuncanMary42588
Beginner

Speed up threat detection and incident response. Share insights across Microsoft and partner security solutions and integrate with existing tools and workflows.
