wazuh office defender integration


reddy chintalapudi

Jul 10, 2023, 1:05:02 PM
to Wazuh mailing list
Hi Team, please let us know how to integrate Microsoft Defender for Endpoint (365).

I followed this document: https://github.com/socfortress/Wazuh-Rules/tree/main/Office%20Defender. I created the tenant ID, app ID, and secret ID and followed the configuration. I am getting this error:

Traceback (most recent call last):
  File "defender_for_endpoint_non_alert.py", line 47, in <module>
    response = urllib.request.urlopen(req)
  File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python3.6/urllib/request.py", line 532, in open
    response = meth(req, response)
  File "/usr/lib64/python3.6/urllib/request.py", line 642, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python3.6/urllib/request.py", line 570, in error
    return self._call_chain(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 650, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 401: Unauthorized
Any help would be appreciated. Thanks

Roman Luna

Jul 10, 2023, 2:17:56 PM
to Wazuh mailing list
Hi,

We have the following document mentioning Microsoft Defender, which covers collecting logs from Eventchannel: https://documentation.wazuh.com/current/user-manual/capabilities/malware-detection/win-defender-logs-collection.html. Let me know if it helps in your use case.

Regarding the custom script written by the author, we can offer you professional support in order to send it to our dev team. 

Additionally, you could post an issue on their GitHub page to get help from them, as they might know what the problem could be, since they are the ones who created it.

Regards.