Article Number
000039833
Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Issue
Azure graph security Event source configured using
Azure Security Alerts Configuration guide. Test connection fails with below error.
Access Denied Exception Received: 403 Client Error: Forbidden for url: https://graph.microsoft.com/v1.0/security/alerts?$filter=lastModifiedDateTime%20ge%202021-08-17T10:27:43Z%20and%20lastModifiedDateTime%20lt%202021-08-17T10:32:43Z&$orderby=lastModifiedDateTime&$count=true
Cause
This issue is due to an Incorrect permissions type on the Azure side as below.
Image description
Resolution
Please follow the below steps to get a successful test connection for Azure graph security.
- Login to Azure and change API permissions type from Delegated type to Application type.
- Then Do test connection in NetWitness Collector for the Event source which will be successful without error.