Interpres Application - Azure AD
- Type: Cloud
- Vendor: Microsoft
This app integrates with Azure Active Directory.
Vendor setup
- Log in to https://portal.azure.com
- Search for App registrations
1. Enter "Interpres" for the app name. Leave the other defaults (Single-tenant, no Redirect URI). Click "Register".
1. Copy the Application (client) ID and the Directory (tenant) ID over to the Interpres integration setup page.
1. Replace requiredResourceAccess with the following:
```json
"requiredResourceAccess": [
    {
        "resourceAppId": "00000003-0000-0000-c000-000000000000",
        "resourceAccess": [
            {
                "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
                "type": "Scope"
            },
            {
                "id": "34d3bd24-f6a6-468c-b67c-0c365c1d6410",
                "type": "Scope"
            },
            {
                "id": "45cc0394-e837-488b-a098-1918f48d186c",
                "type": "Role"
            },
            {
                "id": "472e4a4d-bb4a-4026-98d1-0b0d74cb74a5",
                "type": "Role"
            },
            {
                "id": "dd98c7f5-2d42-42d3-a0e4-633161547251",
                "type": "Role"
            },
            {
                "id": "dc377aa6-52d8-4e23-b271-2a7ae04cedf3",
                "type": "Role"
            },
            {
                "id": "246dd0d5-5bd0-4def-940b-0421030a5b68",
                "type": "Role"
            },
            {
                "id": "bf394140-e372-4bf9-a898-299cfc7564e5",
                "type": "Role"
            },
            {
                "id": "b0afded3-3588-46d8-8b3d-9842eff778da",
                "type": "Role"
            },
            {
                "id": "40f97065-369a-49f4-947c-6a255697ae91",
                "type": "Role"
            },
            {
                "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
                "type": "Role"
            },
            {
                "id": "f8f035bb-2cce-47fb-8bf5-7baf3ecbee48",
                "type": "Role"
            },
            {
                "id": "9e640839-a198-48fb-8b9a-013fd6f6cbcd",
                "type": "Role"
            },
            {
                "id": "c7fbd983-d9aa-4fa7-84b8-17382c103bc4",
                "type": "Role"
            },
            {
                "id": "ae73097b-cb2a-4447-b064-5d80f6093921",
                "type": "Role"
            }
        ]
    }
]
```
As an alternative to Step 7, you can manually add the following permissions (as Application):
```
AuditLog.Read.All
DeviceManagementConfiguration.Read.All
Directory.Read.All
DirectoryRecommendations.Read.All
DirectoryRecommendations.Read.All
MailboxSettings.Read
Policy.Read.All
Policy.Read.PermissionGrant
RoleManagement.Read.All
SecurityAlert.Read.All
SecurityEvents.Read.All
SecurityIncident.Read.All
ThreatAssessment.Read.All
ThreatHunting.Read.All
User.Read
```
- Click Save
1. Click API permissions then Grant admin consent for YOUR_TENANT
1. Click Certificates & Secrets then New client secret
1. Enter "Interpres" for the description and choose "12 months".
1. Copy the client secret "Value" over to the Interpres integration setup.
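
An added example, not part of the Interpres documentation: a Python check that diffs an exported app manifest's requiredResourceAccess against the ids given in the manifest step above, so missing, extra or re-typed permissions are caught when admin consent is granted or reviewed later. The function name, the sample manifest and the 1111…/2222…/3333… GUIDs are constructed for illustration.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # resourceAppId from this page

# Permission ids copied from the requiredResourceAccess block on this page.
SCOPE_IDS = "e1fe6dd8-ba31-4d61-89e7-88639da4683d 34d3bd24-f6a6-468c-b67c-0c365c1d6410".split()
ROLE_IDS = """
45cc0394-e837-488b-a098-1918f48d186c 472e4a4d-bb4a-4026-98d1-0b0d74cb74a5
dd98c7f5-2d42-42d3-a0e4-633161547251 dc377aa6-52d8-4e23-b271-2a7ae04cedf3
246dd0d5-5bd0-4def-940b-0421030a5b68 bf394140-e372-4bf9-a898-299cfc7564e5
b0afded3-3588-46d8-8b3d-9842eff778da 40f97065-369a-49f4-947c-6a255697ae91
7ab1d382-f21e-4acd-a863-ba3e13f7da61 f8f035bb-2cce-47fb-8bf5-7baf3ecbee48
9e640839-a198-48fb-8b9a-013fd6f6cbcd c7fbd983-d9aa-4fa7-84b8-17382c103bc4
ae73097b-cb2a-4447-b064-5d80f6093921
""".split()
EXPECTED = {(i, "Scope") for i in SCOPE_IDS} | {(i, "Role") for i in ROLE_IDS}

def audit_manifest(manifest):
    """Diff a manifest's requiredResourceAccess against the list on this page."""
    found, other_apis = set(), []
    for res in manifest.get("requiredResourceAccess", []):
        app_id = res.get("resourceAppId", "").lower()
        for acc in res.get("resourceAccess", []):
            entry = (acc["id"].lower(), acc["type"])
            if app_id == GRAPH_APP_ID:
                found.add(entry)
            else:
                other_apis.append((app_id, *entry))  # API the page never lists
    expected_ids, found_ids = {i for i, _ in EXPECTED}, {i for i, _ in found}
    extra = found - EXPECTED
    return {
        "missing": sorted(expected_ids - found_ids),
        "retyped": sorted(e for e in extra if e[0] in expected_ids),  # Role <-> Scope
        "unexpected": sorted(e for e in extra if e[0] not in expected_ids),
        "other_apis": other_apis,
    }

# Constructed manifest: first Role id dropped, second Role id changed to Scope,
# plus a made-up extra Graph permission and a made-up second API.
SAMPLE = {"requiredResourceAccess": [
    {"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        *({"id": i, "type": "Role"} for i in ROLE_IDS[2:]),
        *({"id": i, "type": "Scope"} for i in SCOPE_IDS + ROLE_IDS[1:2]),
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]},
    {"resourceAppId": "22222222-2222-2222-2222-222222222222", "resourceAccess": [
        {"id": "33333333-3333-3333-3333-333333333333", "type": "Role"}]},
]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

To run it against a real registration, load the manifest JSON downloaded from the portal and pass the resulting dict to `audit_manifest`; four empty lists mean the request matches this page exactly.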
App Configuration
App Parameters:
- tenant_id (string): Tenant ID
- client_id (string): Client ID
- client_secret (password): Client Secret
- max_search_size (numeric): The maximum number of alerts to grab per query frequency. The query frequency is set to 10 minutes by default.
App Validation
Check there is connectivity (green light) in the integration created.
Implemented Actions
- Get Assets: Returns a list of assets using this endpoint: https://graph.microsoft.com/v1.0/devices
- Get Available Telemetry: Returns a list of telemetry available in Azure AD (Static)
- Get Recommended Actions: Gets a list of recommendations and their status