API calls for Microsoft Defender

The Microsoft Defender connector makes API calls to Microsoft Graph and the Defender for Cloud Apps API to retrieve data.

Caution: The API endpoints are currently in beta, which may result in a slower connector aggregation process.

Uploaded streams

The call uses the GET operation to retrieve information about all the manually uploaded streams from your firewalls and proxies.

URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams

For more information, see Microsoft Graph docs.

Aggregated app details

The call uses the GET operation to retrieve the details of your discovered apps by providing the time period. The supported time periods are the last 7, 30, or 90 days.

URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/<streamId>/aggregatedAppsDetails(period=duration'<streamTimeFrame>')

For more information, see Microsoft Graph docs.

Users

The call uses the GET operation to retrieve a list of users who accessed the discovered cloud application.

URI: https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/<streamId>/aggregatedAppsDetails(period=duration'<streamTimeFrame>')/<applicationId>/users

For more information, see Microsoft Graph docs.
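The three Microsoft Graph calls above chain together: stream IDs feed the aggregated app details call, and application IDs feed the users call. The following is an added example, not the connector's own code, that builds those URIs while rejecting unsupported periods and malformed IDs. The ISO 8601 form of `<streamTimeFrame>`, the ID pattern, the call order, and the function names are assumptions.

```python
import re

GRAPH_BASE = ("https://graph.microsoft.com/beta/security/"
              "dataDiscovery/cloudAppDiscovery")

# The page lists 7, 30 and 90 days as the only supported periods.
# Assumption: <streamTimeFrame> is written as an ISO 8601 duration.
PERIODS = {7: "P7D", 30: "P30D", 90: "P90D"}

# Assumption: IDs are short opaque tokens; anything else is rejected so a
# value taken from an earlier response cannot alter the request path.
_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def _checked_id(name, value):
    if not isinstance(value, str) or not _ID_RE.fullmatch(value):
        raise ValueError(f"invalid {name}: {value!r}")
    return value


def uploaded_streams_uri():
    return f"{GRAPH_BASE}/uploadedStreams"


def aggregated_apps_uri(stream_id, days):
    if days not in PERIODS:
        raise ValueError(f"unsupported period: {days!r} (use 7, 30 or 90)")
    return (f"{uploaded_streams_uri()}/{_checked_id('streamId', stream_id)}"
            f"/aggregatedAppsDetails(period=duration'{PERIODS[days]}')")


def app_users_uri(stream_id, days, application_id):
    app = _checked_id("applicationId", application_id)
    return f"{aggregated_apps_uri(stream_id, days)}/{app}/users"


def plan_requests(days, apps_by_stream):
    """Return the GET URIs for one aggregation pass (order is an assumption)."""
    uris = [uploaded_streams_uri()]
    for stream_id, app_ids in apps_by_stream.items():
        uris.append(aggregated_apps_uri(stream_id, days))
        uris.extend(app_users_uri(stream_id, days, a) for a in app_ids)
    return uris


if __name__ == "__main__":
    # Constructed sample IDs, not real tenant data.
    for uri in plan_requests(30, {"stream-01": ["11161", "20893"]}):
        print("GET", uri)
```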

User details

The call uses the GET operation to fetch user details of your cloud applications.

URI: /api/v1/entities/<pk>/

For more information, see Microsoft Defender docs.