deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
Daniel Simpson 9efe39d7be fixing URL for eval link
2019-09-20 11:18:00 -07:00

2.8 KiB
Raw Blame History

title, ms.reviewer, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
title ms.reviewer description keywords search.product ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic
Supported Microsoft Defender Advanced Threat Protection query APIs Learn about the specific supported Microsoft Defender Advanced Threat Protection entities where you can create API calls to. apis, supported apis, actor, alerts, machine, user, domain, ip, file, advanced queries, advanced hunting eADQiWindows 10XVcnh w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance article

Supported Microsoft Defender ATP query APIs

Applies to:

  • Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

Want to experience Microsoft Defender ATP? Sign up for a free trial.

End Point URI and Versioning

End Point URI:

The service base URI is: https://api.securitycenter.windows.com

The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts

Versioning:

The API supports versioning.

The current version is V1.0.

To use a specific version, use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts

If you don't specify any version (e.g., https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version.

Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.

In this section

Topic Description
Advanced Hunting Run queries from API.
Alerts Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information.
Domain Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization.
File Run API calls such as get file information, file related alerts, file related machines, and file statistics.
IP Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
Machines Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
User Run API calls such as get alert related user information, user information, user related alerts, and user related machines.

Related topic