Creates a PowerShell script to recover a vulnerability in Microsoft Security


Yesterday I designed a PowerShell script to create an automatic task on Azure DevOps, thanks to its REST API.

My final goal doesn't stop there. My goal is to be able to detect when a fairly significant "High" or "Critical" threshold vulnerability appears on our Microsoft XDR (Microsoft Security), so that this creates an automatic task on Azure DevOps to make us aware of it, and to be able to deal with this vulnerability as quickly as possible. So I already have the script to create the task by connecting to the REST API, but after a lot of research, I can't find a solution for the XDR part. Do you have any ideas?

Here's the script:

# Azure DevOps personal access token (PAT) and target organization/project
$pacToken = "Mytokens"
$organizationName = "MyOrganization"
$projectName = "MyProject"

# PATs are sent as HTTP Basic auth with an empty user name: base64(":" + PAT)
$adoHeader = @{
    Authorization = "Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "", $pacToken)))
}

# Work item creation endpoint; the backtick keeps PowerShell from expanding "$Task"
$adoTaskUri = "https://dev.azure.com/$organizationName/$projectName/_apis/wit/workitems/`$Task?api-version=5.1"

# Generate the JSON Patch body for the REST API call
# (the "value" fields below are left empty here and must be filled in before the call)
$body = @'
[
  {
    "op" : "add",
    "path" : "/fields/System.Title",
    "value" : ""
  },
  {
    "op" : "add",
    "path" : "/fields/System.Description",
    "value" : ""
  },
  {
    "op" : "add",
    "path" : "/fields/System.AssignedTo",
    "value" : ""
  }
]
'@

# Create the Task work item
Invoke-RestMethod -Uri $adoTaskUri -ContentType "application/json-patch+json" -Body $body -Headers $adoHeader -Method POST

There is 1 answer

Bright Ran-MSFT On

The Task work item itself cannot deal with the vulnerabilities on Microsoft Security. It is just an item that allows your users/teams to discuss and note the progress of the work to deal with the vulnerabilities.

To deal with the vulnerabilities on Microsoft Security, you need to check whether Microsoft Security has provided any interface (API or CLI) that can deal with the vulnerabilities.

From the documentation "Vulnerability resource type", it seems that there is no available API to deal with (or recover) vulnerabilities. The released APIs are only used to get/list the information related to vulnerabilities.

And the documentation "Advanced Hunting using PowerShell" provides a guide on how to call the APIs using PowerShell.
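As an added example (not code from the question or the answer), this is one way to wire the two halves together: poll the Defender for Endpoint vulnerabilities list, keep only High/Critical findings, and open one Azure DevOps Task per finding that has not been seen before. It assumes an app registration granted read access to vulnerabilities, the API host api.securitycenter.microsoft.com, the "severity"/"exposedMachines" properties of the vulnerability resource, and the $adoTaskUri/$adoHeader variables from the question's script.

```powershell
# Added example: bridge Defender vulnerability data to Azure DevOps Tasks.
# Assumptions: app registration (client credentials) with permission to read
# vulnerabilities; $adoTaskUri and $adoHeader already defined as in the question.
$tenantId  = "<tenant-id>"      # placeholder
$appId     = "<app-id>"         # placeholder
$appSecret = "<app-secret>"     # placeholder (store in a vault, not in the script)
$stateFile = ".\processed-vulns.json"   # IDs already turned into tasks on earlier runs

# 1. Client-credentials token for the Defender for Endpoint API
$tokenResp = Invoke-RestMethod -Method POST `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -Body @{ resource = "https://api.securitycenter.microsoft.com"; client_id = $appId;
             client_secret = $appSecret; grant_type = "client_credentials" }
$mdeHeader = @{ Authorization = "Bearer $($tokenResp.access_token)" }

# 2. List vulnerabilities and keep High/Critical ones that expose at least one device
#    (severity and exposedMachines are assumed property names of the vulnerability resource)
$vulns = (Invoke-RestMethod -Uri "https://api.securitycenter.microsoft.com/api/vulnerabilities" `
    -Headers $mdeHeader).value |
    Where-Object { $_.severity -in @("High", "Critical") -and $_.exposedMachines -gt 0 }

# 3. Load the IDs handled on previous runs so the same CVE does not get a task every poll
$seen = @()
if (Test-Path $stateFile) { $seen = @(Get-Content $stateFile -Raw | ConvertFrom-Json) }

function New-VulnTaskBody {
    param($Vuln)
    # JSON Patch document in the same shape as the question's body, filled from the finding
    $ops = @(
        @{ op = "add"; path = "/fields/System.Title";       value = "[$($Vuln.severity)] $($Vuln.id): $($Vuln.name)" }
        @{ op = "add"; path = "/fields/System.Description"; value = "$($Vuln.description)<br/>Exposed devices: $($Vuln.exposedMachines)" }
        @{ op = "add"; path = "/fields/System.Tags";        value = "Security; $($Vuln.severity)" }
    )
    ConvertTo-Json -InputObject $ops -Depth 3
}

# 4. One Task per new finding, then persist the updated ID list
foreach ($v in $vulns | Where-Object { $_.id -notin $seen }) {
    $body = New-VulnTaskBody -Vuln $v
    Invoke-RestMethod -Uri $adoTaskUri -ContentType "application/json-patch+json" `
        -Body $body -Headers $adoHeader -Method POST | Out-Null
    $seen += $v.id
}
ConvertTo-Json -InputObject @($seen) | Set-Content $stateFile
```

Run it on a schedule (a scheduled task or an Azure Automation runbook); the state file is what keeps a long-lived Critical CVE from producing a duplicate Task on every poll.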