Hi
I already have the Log Analytics add-on installed; it is working fine and able to get OMS logs. Now a new requirement has come in to get Windows Defender ATP logs into Splunk. I have configured the input for it, but I am unable to receive data in Splunk.
1. Is it because Log Analytics is using port 443 and the TA for Microsoft Windows Defender is trying to use the same port? If yes, how can I change the port?
2. Is it required to set a proxy?
3. Is it required to set the SSL connection ON? When is it required to set it, as SSL is set to true by default?
4. I am getting the below log:
2019-02-08 11:02:39,280 DEBUG pid=15232 tid=MainThread file=connectionpool.py:_make_request:400 | https://wdatp-alertexporter-eu.securitycenter.windows.com:443 "GET /api/Alerts//api/alerts?sinceTimeUtc=2019-02-01%2011:02:39.097000 HTTP/1.1" 404 1245
From here I thought it might be trying to use the same port 443? Also, does 404 here mean "not found"?
Also, the endpoint URL which I am using is slightly different: https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts
@thambisetty could you please give me insight here..
Thanks,
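As an added example (editor's code, not from the poster or from the add-on), the script below parses the urllib3 DEBUG line quoted in the post and reads the diagnosis out of it: a 404 is an HTTP response, so the TLS connection to the host on port 443 already succeeded and a port clash with the other add-on is not in play; the request path `/api/Alerts//api/alerts` shows the configured endpoint and the path the TA appends being concatenated. The assumptions are labelled: that the TA itself appends `/api/alerts` is inferred from the logged path, and the suggested endpoint value (host only) follows from that inference.

```python
"""Parse a urllib3 connectionpool DEBUG request line and explain the 404."""
import re
from urllib.parse import urlsplit

# Constructed sample: the DEBUG line quoted in the post above.
SAMPLE_LOG = (
    '2019-02-08 11:02:39,280 DEBUG pid=15232 tid=MainThread '
    'file=connectionpool.py:_make_request:400 | '
    'https://wdatp-alertexporter-eu.securitycenter.windows.com:443 '
    '"GET /api/Alerts//api/alerts?sinceTimeUtc=2019-02-01%2011:02:39.097000 HTTP/1.1" 404 1245'
)
# Constructed variant of the same line with a clean path and a 200, for contrast.
SAMPLE_OK = SAMPLE_LOG.replace('/api/Alerts//api/alerts', '/api/alerts').replace('" 404 1245', '" 200 512')

# Assumption: the TA appends this path to the configured endpoint URL
# (inferred from the trailing part of the logged request path).
TA_REQUEST_PATH = '/api/alerts'

# urllib3 logs:  <base url> "<METHOD> <path?query> HTTP/x.y" <status> <bytes>
LINE_RE = re.compile(
    r'\|\s+(?P<base>https?://\S+)\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/[\d.]+"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+)'
)


def parse_request_line(line):
    """Split a urllib3 request line into host, port, path, query and HTTP status."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError('not a urllib3 connectionpool request line')
    base = urlsplit(m.group('base'))      # scheme://host:port
    target = urlsplit(m.group('target'))  # /path?query (no scheme, so urlsplit keeps it relative)
    return {
        'scheme': base.scheme, 'host': base.hostname, 'port': base.port,
        'method': m.group('method'), 'path': target.path, 'query': target.query,
        'status': int(m.group('status')), 'bytes': int(m.group('size')),
    }


def configured_prefix(path, appended=TA_REQUEST_PATH):
    """Part of the request path contributed by the configured endpoint URL, i.e. whatever
    precedes the path the TA appends. None if the TA path is not the suffix at all."""
    if not path.lower().endswith(appended.lower()):
        return None
    return path[:-len(appended)]


def diagnose(parsed, appended=TA_REQUEST_PATH):
    """Return (code, message) findings derived from one parsed request line."""
    findings = []
    if parsed['status'] == 404:
        findings.append(('connection_ok',
            f"HTTP 404 is a response from {parsed['host']}:{parsed['port']}, so TCP/TLS to port "
            f"{parsed['port']} succeeded; another add-on using destination port 443 is not a "
            "conflict (each outbound connection gets its own source port)."))
        findings.append(('not_found',
            f"404 Not Found: the server rejected the path {parsed['path']!r}, not the connection."))
    if '//' in parsed['path']:
        findings.append(('empty_segment', 'request path contains an empty segment (//)'))
    prefix = configured_prefix(parsed['path'], appended)
    if prefix is not None and prefix.strip('/').lower() == appended.strip('/').lower():
        findings.append(('duplicated_path',
            f"configured endpoint contributed {prefix!r} and the TA appended {appended!r} again; "
            f"assumption: set the endpoint to {parsed['scheme']}://{parsed['host']} and let the TA "
            "add the path."))
    return findings


if __name__ == '__main__':
    for line in (SAMPLE_LOG, SAMPLE_OK):
        parsed = parse_request_line(line)
        print(parsed['method'], parsed['path'], parsed['status'])
        for code, msg in diagnose(parsed) or [('ok', 'no findings')]:
            print(f'  [{code}] {msg}')
```

Run it against the log line and it reports `connection_ok`, `not_found`, `empty_segment` and `duplicated_path` for the quoted request, and nothing for the clean variant; the `duplicated_path` suggestion is the inference to test first, by changing the endpoint and re-reading the next DEBUG line for a single `/api/alerts` path and a non-404 status.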