Posted November 16, 20231 yr We’re thrilled to share that the unified APIs that are part of the Microsoft Graph are now generally available! These APIs come with a single endpoint, permissions, auth model, and access token. The Microsoft Defender Threat Intelligence (Defender TI) API for Incidents, Alerts, and Hunting allows organizations to query Defender TI data to operationalize intelligence gleaned from threat actors, tools, and vulnerabilities. Security teams can enrich their understanding of entities inside security incidents, automate triage efforts, and integrate with a broad ecosystem of security tools, including Microsoft Sentinel. Visit the official documentation> Use Cases: This new Defender TI API release has many use cases, including: Incident enrichment: This API allows you to add more context from MDTI knowledge to incident entities, which can help you better understand the incident and take appropriate action. Advanced hunting with Azure notebook: With this API, you can perform advanced hunting using Azure notebooks, which can help you identify potential threats and take proactive measures. SIEM integration: This API allows you to run correlation and build integration with SOAR and SIEM systems, which can help you streamline your security operations. Reporting: This API provides the ability to build rich and custom reporting on top of the MDTI data, which can help you gain insights into your security posture and make informed decisions. API Documentation and More Information: The complete API documentation is available in MS Graph documentation. Here are a few sample API calls to get you started: Host Data: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com Child HostPairs for a hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/childHostPairs?$count=true Components for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/components?$count=true Cookies for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/cookies?$count=true HostPairs for an IP Address: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/hostPairs?$count=true Host SSL Certificates for an IP Address: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/sslCertificates?$count=true Parent HostPairs for an IP Address: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/parentHostPairs?$count=true PassiveDns by IP Address: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/passiveDns?$count=true PassiveDnsReverse by IP Address: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/passiveDnsReverse?$count=true Hostname/IP reputation: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/reputation Subdomains for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/subdomains?$count=true Trackers for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/microsoft.com/trackers?$count=true Whois for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/whois Whois history for a Hostname: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/hosts/contoso.com/whois/history?$count=true Threat Article: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/articles/{articleId} Intel Profile: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/intelProfiles/{intelligenceProfileId} Vulnerability: GET https://graph.microsoft.com/v1.0/security/threatIntelligence/vulnerabilities/{vulnerabilityId} PassiveDnsRecord: GET https://graph.microsoft.com/v1.0//security/threatIntelligence/passiveDnsRecords/{passiveDnsRecordId} Conclusion Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. To learn more about how you and your organization can leverage MDTI, watch our and follow our “Become an MDTI Ninja” training path today. Be sure to contact sales to request a free trial or explore licensing options. Continue reading...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.