hoffa2000
Participant

SecureX and Microsoft Graph API integration

Greetings

I'm trying to understand how this is supposed to work; the information given by Cisco seems limited at best. I have SecureX set up and running with our FTDs as the only integration so far and I'd like to add the ability to enrich with data from Microsoft Defender for Endpoint taken from Microsoft Graph API. For some reason SecureX requires me to host a Docker relay for this to work. Why doesn't SecureX give me the option to contact the Microsoft API directly? Seems unfinished to me.

Anyway, getting the Docker relay running is no problem if you know Docker, but the next step, to set up the integration in the SecureX GUI, drives me mad. How do I create a JWT that's accepted by the integration? All my attempts using public tools on the web give me a string that SecureX says is missing either the correct format or some "custom_jwks_host", and there is nothing on the GitHub page about this.

Has anyone actually got this working?

Regards

Fredrik

2 REPLIES
ppreenja
Cisco Employee

Hi Fredrik,

Please post your query on the below link so that you can get a direct answer to your query:

https://gitter.im/CiscoSecurity/Threat-Response

Cheers,

Pratham

Mike.Migliori
Beginner

A little late to the party, but if you have not already noticed, Cisco has recreated the integrations with (Cisco Hosted) type of integrations. This means you do not need to set up the serverless relays in AWS. They now have a "(Cisco Hosted) Microsoft Graph Security API" available to use to integrate. I was successful today in connecting them, can't wait to see how it enriches our investigations.
