ibmresilient / resilient-community-apps

Source code for IBM SOAR Apps that are available on our App Exchange
https://ibm.biz/soar-apps-docs
MIT License

fn_microsoft_security_graph unable to connect to gov cloud #66

Open LiamMahoney opened 3 years ago

LiamMahoney commented 3 years ago

Description

In the fn_microsoft_security_graph the URL that defines the scope used to request permissions is hardcoded as https://graph.microsoft.com/.default, which doesn't work for GCC High (gov cloud) connections.

After running the integration in my debugger I found the get_alerts function was receiving the following response:

{\r\n  "error": {\r\n    "code": "InvalidAuthenticationToken",\r\n    "message": "Access token validation failure. Invalid audience.",\r\n    "innerError": {\r\n      "date": "2021-02-24T16:09:01",\r\n      "request-id": "xxx",\r\n      "client-request-id": "xxx"\r\n    }\r\n  }\r\n}

Setting scope to https://graph.microsoft.us/.default appears to fix the problem.

Describe How to Reproduce

Configure the integration to communicate with GCC High.
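The "Invalid audience" error above comes from requesting a token scoped to one cloud's Graph host and presenting it to another. The following is an added example, not code from this repository or from the issue author: it derives the scope and token endpoint from a configured Graph URL instead of hardcoding them. The function name `graph_auth_settings` and its `graph_url` and `tenant_id` parameters are hypothetical; the host pairs are Microsoft's published national-cloud endpoints.

```python
from urllib.parse import urlsplit

# Microsoft Graph hosts mapped to the matching identity (login) host.
# A token requested for one Graph host is rejected by the others.
GRAPH_TO_LOGIN = {
    "graph.microsoft.com": "login.microsoftonline.com",        # global service
    "graph.microsoft.us": "login.microsoftonline.us",          # US Gov L4 (GCC High)
    "dod-graph.microsoft.us": "login.microsoftonline.us",      # US Gov L5 (DoD)
    "microsoftgraph.chinacloudapi.cn": "login.chinacloudapi.cn",
}


def graph_auth_settings(graph_url, tenant_id):
    """Return scope, token URL and API base for the configured Graph cloud.

    graph_url and tenant_id are hypothetical configuration values for this
    example. Unknown hosts are rejected so that client credentials and
    tokens are never sent to an endpoint outside the known Graph clouds.
    """
    parts = urlsplit(graph_url.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        raise ValueError("Graph URL must use https: %r" % graph_url)
    if parts.port not in (None, 443):
        raise ValueError("Unexpected port in Graph URL: %r" % graph_url)
    if host not in GRAPH_TO_LOGIN:
        raise ValueError("Not a known Microsoft Graph host: %r" % host)
    return {
        # The scope must name the same host the API calls are sent to.
        "scope": "https://{}/.default".format(host),
        "token_url": "https://{}/{}/oauth2/v2.0/token".format(
            GRAPH_TO_LOGIN[host], tenant_id),
        "api_base": "https://{}/v1.0".format(host),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    for url in ("https://graph.microsoft.com", "https://graph.microsoft.us/v1.0/"):
        print(graph_auth_settings(url, "example-tenant-id"))
```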