Endpoint URI and versioning
Endpoint URI
The service base URI is: https://api.securitycenter.microsoft.com
The queries based OData have the ‘/api’ prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts
Versioning
The API supports versioning.
The current version is V1.0.
To use a specific version, use this format:
https://api.securitycenter.microsoft.com/api/{Version}. For example:https://api.securitycenter.microsoft.com/api/v1.0/alertsIf you don’t specify any version (e.g.
https://api.securitycenter.microsoft.com/api/alerts) you will get to the latest version.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- api-us.securitycenter.microsoft.com
- api-eu.securitycenter.microsoft.com
- api-uk.securitycenter.microsoft.com
Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
In this section
| Topic | Description |
|---|---|
| Advanced Hunting | Run queries from API. |
| Alert methods and properties | Run API calls such as – get alerts, create alert, update alert and more. |
| Export assessment methods and properties per device | Run API calls to gather vulnerability assessments on a per-device basis, such as: – export secure configuration assessment, export software inventory assessment, export software vulnerabilities assessment, and delta export software vulnerabilities assessment. |
| Automated Investigation methods and properties | Run API calls such as – get collection of Investigation. |
| Get domain related alerts | Run API calls such as – get domain-related devices, domain statistics and more. |
| File methods and properties | Run API calls such as – get file information, file related alerts, file related devices, and file statistics. |
| Indicators methods and properties | Run API call such as – get Indicators, create Indicator, and delete Indicators. |
| Get IP related alerts | Run API calls such as – get IP-related alerts and get IP statistics. |
| Machine methods and properties | Run API calls such as – get devices, get devices by ID, information about logged on users, edit tags and more. |
| Machine Action methods and properties | Run API call such as – Isolation, Run anti-virus scan and more. |
| Recommendation methods and properties | Run API calls such as – get recommendation by ID. |
| Remediation activity methods and properties | Run API call such as – get all remediation tasks, get exposed devices remediation task and get one remediation task by id. |
| Score methods and properties | Run API calls such as – get exposure score or get device secure score. |
| Software methods and properties | Run API calls such as – list vulnerabilities by software. |
| User methods | Run API calls such as – get user-related alerts and user-related devices. |
| Vulnerability methods and properties | Run API calls such as – list devices by vulnerability. |