• Products
  • Get started
  • Documentation
  • Resources

Data Manager - Defender Adapter

Assets Data Manager for Jira Service Management Cloud is currently rolling out in Open Beta and will be available to all Premium + Enterprise sites by end of October 2024.

Introduction

Defender is an Antivirus tool produced by Microsoft.

Defender Adapter uses an API connection to bring data into Assets Data Manager.

The Microsoft Defender connector requires you to register the application on the Azure Portal to obtain a Tenant ID, Client ID, and Application ID. Consult your Microsoft Defender Subject Matter Expert for assistance.

How do I connect this tool to Assets Data Manager?

This task requires Data Manager Adapters admin permissions to complete. See how permissions and roles work in Data Manager.

 

Follow this procedure to connect this tool to Assets Data Manager using the custom-built Adapter:

  1. Gather all of the information listed in the Data Manager Fields section, such as the Name, Object class, Data Source Name, and Data Source Type.

  2. Gather all of the information in the Defender Fields section - this may require consultation with the subject matter expert (SME) for Defender.

  3. Within Data Manager:

    1. Create a new job by selecting the Adapter that matches your tool.

    2. Configure all of the required fields with the appropriate information.

  4. Within Defender:

    1. Follow all of the steps listed in the Authentication and Authorization section, below, to properly configure Authentication and Authorization.

    2. Review the information in the API Call section.

    3. Review the information in the Fields Retrieved section, below.

Each time this job is run, the data your have selected will be brought into Data Manager using the configured Adapter and become raw data.

Data Manager Fields

You will need to specify the following information from Assets Data Manager:

  1. Name - the name of the Connection, visible as the job name in Adapters.

  2. Object Class - the name of the Object Class you want to the data to be loaded into.

  3. Data Source Name - the type of data being created; which is usually the tool name, e.g AD, Qualys etc. Note: This can be the same as Name.

  4. Data Source Type - what type of data is the tool providing? For example, Assets, CMDB, user location and more.

Defender Fields

You will need to specify the following information from Defender:

  1. Client-ID - a unique identifier to identify the Microsoft application in Defender.

  2. Client Secret - a secret string that the application uses to prove its identity when requesting a token.

  3. Tenant ID – a unique identifier for the Defender instance used for authentication.

Authentication and Authorization

  1. Register the application using the Azure Portal to obtain the Tenant ID, Client ID and the Application ID.

  2. Generate the Client Secret to obtain the Client Secret ID.

  3. On the application's Overview page, under Manage, select API Permissions > Add a permission.

  4. Select WindowsDefenderATP from the list of available APIs. Then add the permission 'Machine.Read.All' and grant admin consent.

  5. Click on Add Permissions.

API Call

The API Call for Defender is: Machine.Read.All.

Fields Retrieved

The following fields are retrieved:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Id AgentVersion ComputerDnsName OsBuild FirstSeen HealthStatus LastSeen DeviceValue OsPlatform RbacGroupId OsVersion RbacGroupName OsProcessor RiskScore Version ExposureLevel LastIpAddress IsAadJoined LastExternalIpAddress AadDeviceId

 

Still need help?

The Atlassian Community is here for you.