Supported Microsoft Defender XDR APIs

Applies to:

  • Microsoft Defender XDR

Note

Try our new APIs using the MS Graph security API. Find out more at: Use the Microsoft Graph security API (Microsoft Learn).

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

List of available APIs

Article              | Description
Advanced Hunting API | Run Advanced Hunting queries.
Incident APIs        | List and update incidents, along with other practical tasks.
Streaming API        | Ship real-time events and alerts as they occur in a single data stream.

Endpoint URIs

The base URI for both of the main APIs is: https://api.security.microsoft.com. For better performance, use a server closer to your geolocation:

  • The United States: api-us.security.microsoft.com
  • Europe: api-eu.security.microsoft.com
  • The United Kingdom: api-uk.security.microsoft.com

Tokens can be acquired by accessing https://api.security.microsoft.com.

All APIs along the /api path use the OData Protocol; for example, https://api.security.microsoft.com/api/incidents.
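
The following is an added example, not Microsoft's code: it builds request URLs from the hosts listed above and checks that any URL, including one handed back by the server for paging, stays on a listed host under /api before a bearer token is attached to it. The function names and the `status eq 'Active'` filter are constructed for illustration, and whether a given endpoint honors the standard OData `$top` and `$filter` options is an assumption.

```python
from urllib.parse import quote, urlencode, urlsplit

# Hosts listed on this page: the global base plus the regional servers.
DEFENDER_HOSTS = {
    "global": "api.security.microsoft.com",
    "us": "api-us.security.microsoft.com",
    "eu": "api-eu.security.microsoft.com",
    "uk": "api-uk.security.microsoft.com",
}


def build_odata_url(region, resource, top=None, filter_expr=None):
    """Build an /api/<resource> URL with optional OData $top and $filter."""
    host = DEFENDER_HOSTS[region]  # KeyError on an unknown region is intended
    if not resource.isalnum():
        raise ValueError("resource must be a single path segment")
    params = {}
    if top is not None:
        params["$top"] = str(int(top))
    if filter_expr:
        params["$filter"] = filter_expr
    # Keep "$" literal in option names; percent-encode values (space -> %20).
    query = urlencode(params, safe="$", quote_via=quote)
    url = f"https://{host}/api/{resource}"
    return f"{url}?{query}" if query else url


def is_defender_api_url(url):
    """True only for https URLs on a listed host, default port, under /api/."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (
        parts.scheme == "https"
        and parts.hostname in set(DEFENDER_HOSTS.values())
        and port in (None, 443)
        and parts.username is None  # reject userinfo tricks (user@host)
        and parts.path.startswith("/api/")
    )
```

Call `is_defender_api_url` on every URL that did not come from `build_odata_url` before sending an Authorization header to it.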
