Interpres Application - Azure AD
- Type: Cloud
- Vendor: Microsoft
This app integrates with Azure Active Directory.
Vendor setup
- Login to https://portal.azure.com
- Search for App registrations
1. Enter "Interpres" for the app name. Leave the other defaults (Single-tenant, no Redirect URI). Click "Register".
1. Copy the application (client) ID and the Directory (tenant) ID over to the Interpres integration setup page
1. Replace requiredResourceAccess with the following:

    "requiredResourceAccess": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
                    "type": "Scope"
                },
                {
                    "id": "45cc0394-e837-488b-a098-1918f48d186c",
                    "type": "Role"
                },
                {
                    "id": "472e4a4d-bb4a-4026-98d1-0b0d74cb74a5",
                    "type": "Role"
                },
                {
                    "id": "dd98c7f5-2d42-42d3-a0e4-633161547251",
                    "type": "Role"
                },
                {
                    "id": "b0afded3-3588-46d8-8b3d-9842eff778da",
                    "type": "Role"
                },
                {
                    "id": "dc377aa6-52d8-4e23-b271-2a7ae04cedf3",
                    "type": "Role"
                },
                {
                    "id": "246dd0d5-5bd0-4def-940b-0421030a5b68",
                    "type": "Role"
                },
                {
                    "id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
                    "type": "Role"
                },
                {
                    "id": "f8f035bb-2cce-47fb-8bf5-7baf3ecbee48",
                    "type": "Role"
                },
                {
                    "id": "9e640839-a198-48fb-8b9a-013fd6f6cbcd",
                    "type": "Role"
                },
                {
                    "id": "c7fbd983-d9aa-4fa7-84b8-17382c103bc4",
                    "type": "Role"
                },
                {
                    "id": "ae73097b-cb2a-4447-b064-5d80f6093921",
                    "type": "Role"
                }
            ]
        }
    ],

As an alternative to Step 7, you can manually add the following permissions (as Application):
Microsoft Graph
---------------
AuditLog.Read.All
DeviceManagementConfiguration.Read.All
Directory.Read.All
DirectoryRecommendations.Read.All
Policy.Read.All
Policy.Read.PermissionGrant
RoleManagement.Read.All
SecurityAlert.Read.All
SecurityIncident.Read.All
ThreatAssessment.Read.All
ThreatHunting.Read.All
User.Read
- Click Save
1. Click API permissions then Grant admin consent for YOUR_TENANT
1. Click Certificates & Secrets then New client secret
1. Enter "Interpres" for the description and choose "12 months".
1. Copy the client secret "Value" over to the Interpres integration setup.
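
To check later that the registration still carries exactly the permission set from the requiredResourceAccess block above, the following added example (not part of the Interpres documentation) diffs a manifest against that baseline. The function names and the placeholder GUID in the sample are assumptions made for illustration.

```python
import json

GRAPH = "00000003-0000-0000-c000-000000000000"  # resourceAppId from the page

# Application ("Role") permission ids copied from the page's manifest block.
ROLE_IDS = """
45cc0394-e837-488b-a098-1918f48d186c 472e4a4d-bb4a-4026-98d1-0b0d74cb74a5
dd98c7f5-2d42-42d3-a0e4-633161547251 b0afded3-3588-46d8-8b3d-9842eff778da
dc377aa6-52d8-4e23-b271-2a7ae04cedf3 246dd0d5-5bd0-4def-940b-0421030a5b68
7ab1d382-f21e-4acd-a863-ba3e13f7da61 f8f035bb-2cce-47fb-8bf5-7baf3ecbee48
9e640839-a198-48fb-8b9a-013fd6f6cbcd c7fbd983-d9aa-4fa7-84b8-17382c103bc4
ae73097b-cb2a-4447-b064-5d80f6093921
""".split()

# Baseline as (resourceAppId, permission id, type); the single "Scope" entry
# is the one delegated permission in the page's block.
BASELINE = {(GRAPH, rid, "Role") for rid in ROLE_IDS}
BASELINE.add((GRAPH, "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"))


def granted(manifest):
    """Flatten requiredResourceAccess into (resourceAppId, id, type) tuples."""
    return {
        (res["resourceAppId"].lower(), acc["id"].lower(), acc["type"])
        for res in manifest.get("requiredResourceAccess") or []
        for acc in res.get("resourceAccess") or []
    }


def audit_manifest(manifest):
    """Return permissions beyond the baseline ('extra') and absent ('missing')."""
    actual = granted(manifest)
    return {"extra": sorted(actual - BASELINE), "missing": sorted(BASELINE - actual)}


def sample_manifest(drop=None, add=None):
    """Constructed manifest: the baseline, minus `drop`, plus `add` tuples."""
    entries = (BASELINE - set(drop or [])) | set(add or [])
    by_app = {}
    for app, pid, kind in sorted(entries):
        by_app.setdefault(app, []).append({"id": pid, "type": kind})
    return {"requiredResourceAccess": [
        {"resourceAppId": app, "resourceAccess": acc} for app, acc in by_app.items()]}


if __name__ == "__main__":
    # Constructed drift: a placeholder permission added, one baseline role removed.
    extra = (GRAPH, "11111111-1111-1111-1111-111111111111", "Role")  # placeholder
    drifted = sample_manifest(drop=[(GRAPH, ROLE_IDS[0], "Role")], add=[extra])
    print(json.dumps(audit_manifest(drifted), indent=2))
```

Pass it the manifest JSON exported from the app registration; a non-empty `extra` list means the registration holds permissions beyond those this page asks for, and a changed `type` shows up as one `extra` and one `missing` entry.
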
App Configuration
App Parameters:
- tenant_id (string): Tenant ID
- client_id (string): Client ID
- client_secret (password): Client Secret
- max_search_size (numeric): The maximum number of alerts to grab per query frequency. The query frequency is set to 10 minutes by default.
App Validation
Check there is connectivity (green light) in the integration created.
Implemented Actions
- Get Assets: Returns a list of assets using this endpoint: https://graph.microsoft.com/v1.0/devices
- Get Available Telemetry: Returns a list of telemetry available in Azure AD (Static)
- Get Recommended Actions: Gets a list of recommendations and their status

