Troubleshoot SIEM tool integration issues

Note

Try our new APIs using the MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.

Want to experience Defender for Endpoint? Sign up for a free trial.

Note

The new Microsoft Defender XDR alerts API, released to public preview in MS Graph, is the official and recommended API for customers migrating from the SIEM API. See Migrate from the MDE SIEM API to the Microsoft Defender XDR alerts API.

You might need to troubleshoot issues while pulling detections in your SIEM tools.

This page provides detailed steps to troubleshoot issues you might encounter.

Learn how to get a new client secret

If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application, you'll need to get a new secret.

  1. Log in to the Azure management portal.

  2. Select Microsoft Entra ID.

  3. Select your tenant.

  4. Click App registrations. Then in the applications list, select the application.

  5. Select the Certificates & Secrets section, click New Client Secret, then provide a description and specify the validity duration.

  6. Click Save. The key value is displayed.

  7. Copy the value and save it in a safe place.

Error when getting a refresh access token

If you encounter an error when trying to get a refresh token when using the threat intelligence API or SIEM tools, you'll need to add a reply URL for the relevant application in Microsoft Entra ID.

  1. Log in to the Azure management portal.

  2. Select Microsoft Entra ID.

  3. Select your tenant.

  4. Click App Registrations. Then in the applications list, select the application.

  5. Add the following URL:

    • For the European Union: https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback
    • For the United Kingdom: https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback
    • For the United States: https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback
  6. Click Save.
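
Both conditions covered above (an expired client secret and a missing reply URL) can be checked from an exported copy of the app registration before changing anything in the portal. The following is an added example, not Microsoft's code: it assumes the JSON is the application object as Microsoft Graph returns it (for instance saved from `az ad app show`), with `passwordCredentials[].endDateTime` and `web.redirectUris`; the function names and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Reply URLs listed on this page, keyed by region.
BASE = "https://winatpmanagement-{}.securitycenter.windows.com/UserAuthenticationCallback"
REPLY_URLS = {r: BASE.format(r) for r in ("eu", "uk", "us")}

def parse_utc(value):
    # Assumes UTC timestamps such as 2024-01-31T00:00:00Z; fractions are dropped.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_app(app, region, now=None, warn_days=30):
    """Return findings for one app registration object (empty list = healthy)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    ends = [parse_utc(c["endDateTime"]) for c in app.get("passwordCredentials") or []]
    live = [e for e in ends if e > now]
    if not ends:
        findings.append("no client secret configured")
    elif not live:
        findings.append("all client secrets expired")
    elif (max(live) - now).days < warn_days:
        findings.append(f"newest secret expires in {(max(live) - now).days} days")
    uris = (app.get("web") or {}).get("redirectUris") or []
    # Compared as exact strings, so a copied trailing "." is reported as missing.
    if REPLY_URLS[region] not in uris:
        findings.append(f"reply URL missing: {REPLY_URLS[region]}")
    return findings

# Constructed sample, not a real tenant: expired secret, URL pasted with a trailing ".".
SAMPLE_APP = json.loads("""
{
  "displayName": "siem-connector-example",
  "passwordCredentials": [{"displayName": "siem", "endDateTime": "2024-01-31T00:00:00Z"}],
  "web": {"redirectUris": ["https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback."]}
}
""")

if __name__ == "__main__":
    for finding in check_app(SAMPLE_APP, "us"):
        print(finding)
```

The export contains secret metadata (names and expiry dates) but not the secret values, so it can be reviewed without exposing the credential itself.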

Error while enabling the SIEM connector application

If you encounter an error when trying to enable the SIEM connector application, check the pop-up blocker settings of your browser. It might be blocking the new window being opened when you enable the capability.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.