Greetings. Our CSM alerted us to the new ICON plugin “Microsoft Defender Incidents” today and I wanted to check it out. Link here: Rapid7 Extensions
That said, the “Setup” documentation is a bit sparse at this time; specifically, how you go about setting up the authentication/credentials needed is not documented. Based on what it says, you need:
Client_id
Client_secret
Tenant_id
Based on that, I am guessing it needs to be set up as an Azure AD “Enterprise Application” with a certain set of permissions? But what permissions?
Anyway - asking in case anyone else has figured it out and can share what worked!