I’m working with the SOC Solution to help ingest alerts from Azure Defender for Cloud alerts. I have created an Asset with the Registered App I created with in MicroSoft Entra ID. I have a Client ID/Secret and I am using the Action “List Alerts” and configured the Asset with the following Info:
URL: https://graph.microsoft.com/v1.0/security/alerts_v2
Token URL: Sign in to your account
Client ID / Client Secret
Scope - String - graph_microsoft_com/.default
After processing, I’m getting an error - 400 Bad Request.
The required field ‘scope’ is missing from the credential.
Please let me know if more data is needed
Serge