API calls for Microsoft Defender
The Microsoft Defender connector makes API calls to Microsoft Graph and the Defender for Cloud Apps API to retrieve data.
The API endpoints are currently in beta, which may result in a slower connector aggregation process.
Uploaded streams
The call uses the GET operation to retrieve information about all the manually uploaded streams from your firewalls and proxies.
URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams
For more information, see Microsoft Graph docs.
Aggregated app details
The call uses the GET operation to retrieve the details of your discovered apps by providing the time period. The supported time periods are the last 7, 30, or 90 days.
URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/<streamId>/aggregatedAppsDetails(period=duration'<streamTimeFrame>')
For more information, see Microsoft Graph docs.
Users
The call uses the GET operation to retrieve a list of users who accessed the discovered cloud application.
URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/<streamId>/aggregatedAppsDetails(period=duration'<streamTimeFrame>')/<applicationId>/users
For more information, see Microsoft Graph docs.
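The three Microsoft Graph calls above chain together: stream IDs from the first call feed the second, and application IDs from the second feed the third. The following sketch is an added example, not the connector's own code; it assumes the period is passed as an ISO 8601 duration (P7D, P30D, P90D), that collections are paged with @odata.nextLink, and that the response fields are named id, displayName and userIdentifier. The fetch argument and sample_fetch are hypothetical stand-ins for an authenticated GET.

```python
from urllib.parse import quote

BASE = ("https://graph.microsoft.com/beta/security/dataDiscovery/"
        "cloudAppDiscovery/uploadedStreams")
# Assumption: the 7, 30 and 90 day periods are sent as ISO 8601 durations.
PERIODS = {7: "P7D", 30: "P30D", 90: "P90D"}

def apps_uri(stream_id, days):
    """Aggregated app details URI; rejects unsupported periods."""
    if days not in PERIODS:
        raise ValueError("supported periods are 7, 30 or 90 days")
    sid = quote(stream_id, safe="")  # an ID can never add path segments
    return f"{BASE}/{sid}/aggregatedAppsDetails(period=duration'{PERIODS[days]}')"

def users_uri(stream_id, days, app_id):
    """Users URI for one discovered application."""
    return f"{apps_uri(stream_id, days)}/{quote(app_id, safe='')}/users"

def get_all(fetch, uri):
    """Collect every item of a collection, following @odata.nextLink."""
    items = []
    while uri:
        page = fetch(uri)
        items.extend(page.get("value", []))
        uri = page.get("@odata.nextLink")
    return items

def discover(fetch, days=30):
    """Map (stream name, app name) to the users seen accessing that app."""
    result = {}
    for stream in get_all(fetch, BASE):
        for app in get_all(fetch, apps_uri(stream["id"], days)):
            users = get_all(fetch, users_uri(stream["id"], days, app["id"]))
            key = (stream["displayName"], app["displayName"])
            result[key] = [u["userIdentifier"] for u in users]
    return result

def sample_fetch(uri):
    """Constructed responses standing in for authenticated GET requests."""
    apps = BASE + "/stream-1/aggregatedAppsDetails(period=duration'P30D')"
    pages = {
        BASE: {"value": [{"id": "stream-1", "displayName": "fw-logs"}]},
        apps: {"value": [{"id": "101", "displayName": "ExampleApp"}]},
        apps + "/101/users": {"value": [{"userIdentifier": "a@example.com"}],
                              "@odata.nextLink": apps + "/101/users?page=2"},
        apps + "/101/users?page=2": {"value": [{"userIdentifier": "b@example.com"}]},
    }
    return pages[uri]
```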
User details
The call uses the GET operation to fetch user details of your cloud applications.
URI: /api/v1/entities/<pk>/
For more information, see Microsoft Defender docs.