NetWitness Azure graph security event source test connection fails with 403 Client Error
Issue
The Azure Graph Security event source is configured using the Azure Security Alerts Configuration guide, but the test connection fails with the error below.
Access Denied Exception Received:
403 Client Error: Forbidden for url: https://graph.microsoft.com/v1.0/security/alerts?$filter=lastModifiedDateTime%20ge%202021-08-17T10:27:43Z%20and%20lastModifiedDateTime%20lt%202021-08-17T10:32:43Z&$orderby=lastModifiedDateTime&$count=true
Cause
This issue is caused by an incorrect permissions type on the Azure side.
Resolution
Follow the steps below to get a successful test connection for Azure Graph Security.
- Log in to Azure and change the API permissions type from Delegated to Application.
- Then run the test connection in the NetWitness Collector for the event source, which will succeed without error.
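To confirm the permission type before re-running the test connection, the access token issued to the app registration can be decoded and its claims inspected. This is an added example, not part of the original article or RSA code; it assumes the collector authenticates app-only (client credentials), that the required permission is SecurityEvents.Read.All (confirm against the configuration guide), and it uses constructed sample tokens.

```python
import base64
import json

# Assumption: Graph application permission for reading /security/alerts;
# confirm the exact name against the Azure Security Alerts Configuration guide.
REQUIRED_ROLE = "SecurityEvents.Read.All"


def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostic only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, required=REQUIRED_ROLE):
    """Report whether the token carries the permission as an Application type."""
    claims = jwt_claims(token)
    roles = claims.get("roles", [])        # Application permissions land here
    scopes = claims.get("scp", "").split()  # Delegated permissions land here
    if required in roles:
        return "ok: application permission present in 'roles'"
    if scopes:
        return "delegated token: permissions are in 'scp', not 'roles'"
    return "app-only token without '%s' in 'roles': expect 403" % required


def b64url(obj):
    """Serialize a dict as unpadded base64url JSON, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    return ".".join([b64url({"alg": "none", "typ": "JWT"}), b64url(claims), "sig"])


# Constructed samples: permission granted only as Delegated (no 'roles' claim
# in an app-only token) versus granted as Application after the change.
BEFORE_FIX = constructed_token({"aud": "https://graph.microsoft.com"})
AFTER_FIX = constructed_token({"aud": "https://graph.microsoft.com",
                               "roles": [REQUIRED_ROLE]})

if __name__ == "__main__":
    print("before:", diagnose(BEFORE_FIX))
    print("after: ", diagnose(AFTER_FIX))
```

An app-only token only lists Application permissions that have been granted admin consent, so a missing `roles` entry after the change usually means consent has not been granted yet.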
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to configure Azure Graph Security for a successful test connection.