I am trying to use the Microsoft Graph API threat indicators API, based on the Azure Sentinel recommended way of integrating threat intelligence sources for IOC ingestion into a Sentinel instance. I perform the following steps with curl on Linux to test the functionality:
Get the OAuth token from Microsoft using:
    curl -X POST -d 'grant_type=client_credentials&client_id=[myClientId]&client_secret=[myAppSecret]&scope=openid profile ThreatIndicators.ReadWrite.OwnedBy' https://login.microsoftonline.com/[myTenantId]/oauth2/token
Using the received bearer token, call the following API:
    curl -X GET -H "Authorization: Bearer [access token]" https://graph.microsoft.com/beta/security/tiIndicators
I am receiving the error below:
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "request-id": "########################",
      "date": "2019-12-19T07:41:51"
    }
  }
}
Does anybody have an idea how to use this? The main motive is to use a Graph API POST query to insert threat indicators into Azure Sentinel.
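
Added example, not part of the original post: the "Invalid audience" error above refers to the `aud` claim inside the access token, so a quick diagnostic is to decode the token payload locally and compare `aud` and `roles` with what the tiIndicators call needs. The audience values in `GRAPH_AUDIENCES`, the function names and the sample tokens are assumptions constructed for this sketch.

```python
import base64
import json

# Assumption: audiences Microsoft Graph accepts (resource URI and its well-known app ID).
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    Diagnostic use only: never base an authorization decision on this."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))

def check_graph_token(token: str, needed_role: str = "ThreatIndicators.ReadWrite.OwnedBy") -> list:
    """List reasons Graph would likely reject the token; empty means aud and role look right."""
    claims = jwt_claims(token)
    problems = []
    aud = claims.get("aud")
    auds = set(aud) if isinstance(aud, list) else {aud}
    if not auds & GRAPH_AUDIENCES:
        problems.append(f"aud is {aud!r}, not Microsoft Graph")
    # Client-credentials (app-only) tokens carry application permissions in 'roles'.
    if needed_role not in claims.get("roles", []):
        problems.append(f"roles claim lacks {needed_role}")
    return problems

def make_sample(payload: dict) -> str:
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"

if __name__ == "__main__":
    # Constructed sample tokens: one for another API, one shaped for Graph.
    bad = make_sample({"aud": "https://example.invalid/other-api", "roles": []})
    good = make_sample({"aud": "https://graph.microsoft.com",
                        "roles": ["ThreatIndicators.ReadWrite.OwnedBy"]})
    for tok in (bad, good):
        print(check_graph_token(tok))
```

To check a real token, pass the `access_token` value from the token response to `check_graph_token` on a trusted machine, since the token is a live credential.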