Vulnerability assessment tools
      Back to home
      1. Knowledge Base
      2. Streamline your process with integrations
      3. Vulnerability assessment tools

      Integrate Microsoft (MS) Defender for Endpoint with Autobahn Security

      Find the instructions on how to integrate Microsoft (MS) Defender for Endpoint with Autobahn Security in this article

      Linking your MS Defender for Endpoint account lets you import scan results from your Microsoft environment(s) so they can be prioritized and clustered into Cyber Fitness Workouts.

      Table of content


      1. Prerequisites to enable the integration
        1. Creating an app in Microsoft Azure dashboard for MS Defender
        2. Grant permission to your newly created app
        3. Create the Client secrets
        4. Collect Client and Tenant ID
      2. Enable or disable integration
      3. Update integration configuration
      4. View MS Defender for Endpoint assets

      1. Prerequisites to enable the integration

      Integrating MS Defender for Endpoint data into Autobahn Security requires several key elements:

      • Tenant ID
      • Client ID (App ID)

      • Client secret

      To collect this data, you must first create an app in Microsoft Azure dashboard for MS Defender and set the right permissions for this app.

      a. Create an app in Microsoft Azure dashboard for MS Defender

      1 - In Microsoft Azure dashboard, go to the search bar and type App registrations. Click on the result.

      ms-azure-dashboard

      2 - Inside App registrations, click the New registration button.

      2 - On the registration page:

      • Enter a name for your app, for example Autobahn Security
      • Select Single Tenant as the Supported Account Types
      • Select Web under Redirect URL (you can leave the Redirect URI section empty)
      • Then click the Register button.

      b. Grant permission to your newly created app

      1 - In the newly created app registration, navigate to the API permissions tab and click the Add a permission button.

      2 - The dialog box for requesting API permissions will appear. Go to the APIs my organization uses tab, search for "WindowsDefenderATP," and click on the result.

      3 - In the next screen select Application permissions and select the following permissions:

      • Alert.Read.All
      • AdvancedQuery.Read.All

      • Machine.Read.All

      • SecurityRecommendation.Read.All

      • Vulnerability.Read.All 

      These permissions need to be selected to gather the correct data.

      4 - As a final step click the Grant admin consent button to grant access to the required permissions.

      c. Create Client secrets

      1 - Navigate to the Certificates & Secrets page and open the Client Secrets tab. Click the New Client Secret.

      2 - On the Add client secret box, enter a description (for example autobahn_secret) and decide for how long the secret should be valid. Copy the value of the newly created secret. In the future, once the secret ID expires, you must create a new one and update the integration in Autobahn Security.

      d. Collect Client and Tenant ID

      1 - As a last step, take note of the following information, which you will need to enable the integration in Autobahn:

      • Application (client) ID

      • Directory (tenant) ID 

      2. Integrate MS Defender for Endpoint with Autobahn Security

      After all prerequisites are gathered, navigate to the Integrations page in Autobahn Security.

      1 - On the Integrations page, in the MS Defender for Endpoint card, click the Configure button.

      2 - On the MS Defender Integration for Endpoint page, input the integration label on the Label field.

      3 - Input your MS Defender Tenant ID in the Tenant ID field.

      4 - Input your MS Defender App ID (Client ID) in the App ID field.

      5 - Input your MS Defender App secret (Client secret) in the App Secret field.

      6 - Once you have completed the form, click the Save button.

      7 - If the credentials are correct, you will be notified if the credentials are correct or incorrect.

      Once activated, Autobahn Security will directly fetch the latest machine and vulnerability data from MS Defender and will continue to fetch this data once a day, unless deactivated.

      3. Enable or disable integration

      You can enable or disable the integration by:

      1 - Navigate to the Integrations page.

      2 - Switch off the toggle on the top right of the MS Defender for Endpoint card.

      4. Update MS Defender for Endpoint integration configuration

      1 - Navigate to the Integrations page.

      2 - Click the Edit button on the bottom of the MS Defender for Endpoint card. You will be directed to the MS Defender for Endpoint integration page.

      3 - Click the Reset button to remove the previously added credentials and add new credentials.

      Before resetting the configuration, ensure to configure MS Defender for Endpoint first.

      5. View MS Defender for Endpoint assets

      After enabling integration, you can check your MS Defender for Endpoint assets by navigating to the Assets page.

      Assets imported from MS Defender for Endpoint will be displayed on the Assets page.