Skip to content

microsoft_defender_endpoint: add support for oauth endpoint params #15667

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

microsoft_defender_endpoint: add support for oauth endpoint params #15667

wants to merge 2 commits into from
+355 −151

Conversation

chemamartinez
Copy link
Contributor

Proposed commit message

Add support for the oauth_endpoint_params configuration parameter for all available data streams.

Log data stream still works under httpjson so the option has been added under data stream level along with all the OAuth2 options for this data stream.

For the another data streams, as they work under the CEL input, it has been added at input level so adding any value to this option will affect all data streams that rely on CEL (machine, machine_action, and vulnerability).

Finally, the auth logic for the vulnerability data stream is implemented in the CEL program instead of delegate in the CEL auth options for the input. Therefore, the oauth endpoint params in this case are added manually in the program as well.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

Screenshots

image

@chemamartinez chemamartinez self-assigned this Oct 16, 2025
@chemamartinez chemamartinez added enhancement New feature or request Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Oct 16, 2025
@chemamartinez chemamartinez marked this pull request as ready for review October 16, 2025 11:12
@chemamartinez chemamartinez requested a review from a team as a code owner October 16, 2025 11:12
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

cc @chemamartinez

@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Oct 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@chemamartinez chemamartinez

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Microsoft Defender for Endpoint: make OAuth2 endpoint params configurable

3 participants

@chemamartinez @elasticmachine @andrewkroh