windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/files.md

title, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic

title	description	keywords	search.product	ms.prod	ms.mktglfcycl	ms.sitesec	ms.pagetype	ms.author	author	ms.localizationpriority	manager	audience	ms.collection	ms.topic
File resource type	Retrieves top recent alerts.	apis, graph api, supported apis, get, alerts, recent	eADQiWindows 10XVcnh	w10	deploy	library	security	macapara	mjcaparas	medium	dansimp	ITPro	M365-security-compliance	article

File resource type

Applies to:

• Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

Represent a file entity in Microsoft Defender ATP.

Methods

Method	Return Type	Description
Get file	file	Get a single file
List file related alerts	alert collection	Get the alert entities that are associated with the file.
List file related machines	machine collection	Get the machine entities associated with the alert.
file statistics	Statistics summary	Retrieves the prevalence for the given file.

Properties

Property	Type	Description
sha1	String	Sha1 hash of the file content
sha256	String	Sha256 hash of the file content
md5	String	md5 hash of the file content
globalPrevalence	Integer	File prevalence across organization
globalFirstObserved	DateTimeOffset	First time the file was observed.
globalLastObserved	DateTimeOffset	Last time the file was observed.
size	Integer	Size of the file.
fileType	String	Type of the file.
isPeFile	Boolean	true if the file is portable executable (e.g. "DLL", "EXE", etc.)
filePublisher	String	File publisher.
fileProductName	String	Product name.
signer	String	File signer.
issuer	String	File issuer.
signerHash	String	Hash of the signing certificate.
isValidCertificate	Boolean	Was signing certificate successfully verified by Microsoft Defender ATP agent.