Endpoint URI and versioning
Endpoint URI
The service base URI is: https://api.securitycenter.microsoft.com
The queries based OData have the ‘/api’ prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts
Versioning
The API supports versioning.
The current version is V1.0.
To use a specific version, use this format:
https://api.securitycenter.microsoft.com/api/{Version}
. For example:https://api.securitycenter.microsoft.com/api/v1.0/alerts
If you don’t specify any version (e.g.
https://api.securitycenter.microsoft.com/api/alerts
) you will get to the latest version.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- api-us.securitycenter.microsoft.com
- api-eu.securitycenter.microsoft.com
- api-uk.securitycenter.microsoft.com
Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
In this section
Topic | Description |
---|---|
Advanced Hunting | Run queries from API. |
Alert methods and properties | Run API calls such as – get alerts, create alert, update alert and more. |
Export assessment methods and properties per device | Run API calls to gather vulnerability assessments on a per-device basis, such as: – export secure configuration assessment, export software inventory assessment, export software vulnerabilities assessment, and delta export software vulnerabilities assessment. |
Automated Investigation methods and properties | Run API calls such as – get collection of Investigation. |
Get domain related alerts | Run API calls such as – get domain-related devices, domain statistics and more. |
File methods and properties | Run API calls such as – get file information, file related alerts, file related devices, and file statistics. |
Indicators methods and properties | Run API call such as – get Indicators, create Indicator, and delete Indicators. |
Get IP related alerts | Run API calls such as – get IP-related alerts and get IP statistics. |
Machine methods and properties | Run API calls such as – get devices, get devices by ID, information about logged on users, edit tags and more. |
Machine Action methods and properties | Run API call such as – Isolation, Run anti-virus scan and more. |
Recommendation methods and properties | Run API calls such as – get recommendation by ID. |
Remediation activity methods and properties | Run API call such as – get all remediation tasks, get exposed devices remediation task and get one remediation task by id. |
Score methods and properties | Run API calls such as – get exposure score or get device secure score. |
Software methods and properties | Run API calls such as – list vulnerabilities by software. |
User methods | Run API calls such as – get user-related alerts and user-related devices. |
Vulnerability methods and properties | Run API calls such as – list devices by vulnerability. |