Microsoft Threat and Vulnerability Integration with Vulnerability Response

msd93
Kilo Sage

How to get only specific tags/machine tags from Microsoft defender(i.e TVM Threat and Vulnerability Management) into vulnerability response. Tried editing the integration parameter machine_filter  with "onboardingStatus in ('Onboarded') and machineTags=='SRV_WIN_PRD'" as the value, but receive error "Invalid response code received from MicrosoftTVMMachinesIntegration: Bad Request 400".

Please help me if anyone had implemented any such thing earlier

3 REPLIES 3

Vijay Yellikant
Tera Contributor

Hello msd93 - Did you get a solution for this? I am also looking to implement this. Please share if anything worked out for you.

woots
Kilo Contributor

any help with this would be awesome ... did you get a response 

Filip Laznicka
Tera Guru

You have to use OData v4 syntax. To filter based on SRV_WIN_PRD machine tag, use the following query:

 

 onboardingStatus in ('Onboarded') and machineTags/any(tag: tag eq 'SRV_WIN_PR')