Troubleshoot SIEM tool integration issues

Applies to:

You might need to troubleshoot issues while pulling detections in your SIEM tools.

This page provides detailed steps to troubleshoot issues you might encounter.

Learn how to get a new client secret

If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application, you'll need to get a new secret.

  1. Login to the Azure management portal.

  2. Select Azure Active Directory.

  3. Select your tenant.

  4. Click App registrations. Then in the applications list, select the application.

  5. Select Keys section, then provide a key description and specify the key validity duration.

  6. Click Save. The key value is displayed.

  7. Copy the value and save it in a safe place.

Error when getting a refresh access token

If you encounter an error when trying to get a refresh token when using the threat intelligence API or SIEM tools, you'll need to add reply URL for relevant application in Azure Active Directory.

  1. Login to the Azure management portal.

  2. Select Azure Active Directory.

  3. Select your tenant.

  4. Click App Registrations. Then in the applications list, select the application.

  5. Add the following URL:

    • For the European Union: https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback
    • For the United Kingdom: https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback
    • For the United States: https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback.
  6. Click Save.

Error while enabling the SIEM connector application

If you encounter an error when trying to enable the SIEM connector application, check the pop-up blocker settings of your browser. It might be blocking the new window being opened when you enable the capability.

Want to experience Microsoft Defender ATP? Sign up for a free trial.