Is it possible for the next version of the add-on to add MS defender vulnerabilty API calls to this add-on? Currently there is only "Microsoft defender for incident" and "Microsoft defender endpoint alert". We need another one add for "Microsoft Defender for Vulnerabilities" ---- Here's the API's below ---
Permissions needed
Collected data API call Permission needed
Machine info GET https://api.securitycenter.microsoft.com/api/machines Machine.Read.All
Full export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesExport Vulnerability.Read.All
Delta export of vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilityChangesByMachine Vulnerability.Read.All
Description of vulnerabilities POST https://api.security.microsoft.com/api/advancedhunting/run AdvancedHunting.Read.All
Since that is a Splunk-supported add-on, you can request enhancements at https://ideas.splunk.com.