OffBroadway.Defender365.IncidentClient (off_broadway_defender365 v1.0.0)
Default API client used by OffBroadway.Defender365.Producer to receive incidents from Microsoft 365 Defender Incident APIs.
An incident is a collection of related alerts that help describe an attack. Events from
different entities in an organization are automatically aggregated by Microsoft Defender 365.
This module implements the OffBroadway.Defender365.Client and Broadway.Acknowledger behaviours, which define callbacks for receiving and acknowledging events.
The 365 Defender Incident client uses the api.security.microsoft.com endpoints for receiving incidents and is implemented using the Tesla library.
Tesla is an HTTP client abstraction library which lets us easily select from a range of HTTP adapters.
Please see the Tesla documentation for more information.
The following quotas are enforced for the incidents API:
- Maximum page size is 100 incidents
- Maximum rate of requests is 50 calls per minute and 1500 calls per hour
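One way a caller can stay inside these quotas, shown as an added example that is not part of off_broadway_defender365: a sliding-window budget that tracks the 50-per-minute and 1500-per-hour limits and clamps the page size to 100. The module name IncidentQuota and its functions are hypothetical, and the timestamps in the demo are constructed.

```elixir
defmodule IncidentQuota do
  @moduledoc "Hypothetical helper: request budget for the incidents API quotas."

  # {window length in ms, max calls inside that window}, taken from the quotas above
  @limits [{60_000, 50}, {3_600_000, 1500}]
  @max_page_size 100

  @doc "Clamp a requested page size to the documented maximum of 100 incidents."
  def page_size(requested) when is_integer(requested) and requested > 0,
    do: min(requested, @max_page_size)

  @doc """
  `sent` holds the timestamps (ms) of earlier requests, newest first.
  Returns `{:ok, sent}` with `now` recorded, or `{:wait, ms}` until a slot frees up.
  """
  def request(sent, now) do
    # Forget calls that have left the longest (hourly) window
    sent = Enum.take_while(sent, &(now - &1 < 3_600_000))

    waits =
      for {window, max} <- @limits do
        in_window = Enum.take_while(sent, &(now - &1 < window))

        if length(in_window) < max do
          0
        else
          # The max-th newest call has to age out of the window first
          Enum.at(in_window, max - 1) + window - now
        end
      end

    case Enum.max(waits) do
      0 -> {:ok, [now | sent]}
      ms -> {:wait, ms}
    end
  end
end

# Constructed demo: 50 calls one second apart, then a 51st attempt at t = 50 s
sent =
  Enum.reduce(0..49, [], fn i, acc ->
    {:ok, acc} = IncidentQuota.request(acc, i * 1_000)
    acc
  end)

IO.inspect(IncidentQuota.request(sent, 50_000), label: "51st call within the minute")
IO.inspect(IncidentQuota.page_size(250), label: "clamped page size")
```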
The following permissions are required to call the incidents API:
- Permission type: Application - Incident.Read.All
- Permission type: Application - Incident.ReadWrite.All
- Permission type: Delegated - Incident.Read
- Permission type: Delegated - Incident.ReadWrite
Functions
@spec client(opts :: Keyword.t()) :: Tesla.Client.t()
Returns a Tesla.Client configured with middleware.
- Tesla.Middleware.BaseUrl middleware configured with base_url passed via opts.
- Tesla.Middleware.BearerAuth middleware configured with api_token passed via opts.
- Tesla.Middleware.Query middleware configured with query passed via opts.
- Tesla.Middleware.JSON middleware configured with Jason engine.