Fetching Ransomware, Phishing, and Vulnerability details using API or PowerShell in Microsoft 365 Defender Threat Analytics

Swahela Mulla 90 Reputation points
2023-07-03T17:20:50.6333333+00:00

Hello everyone,

I have been exploring Microsoft 365 Defender Threat Analytics and I'm trying to fetch specific details or counts related to Ransomware, Phishing, and Vulnerability. I have attempted to find a solution using APIs or PowerShell commands, but I haven't been successful so far.

Specifically, I'm looking for an API or PowerShell command that would allow me to retrieve the overall count of Ransomware, Phishing, and Vulnerability incidents for the entire tenant.

In the Threat Analytics portal (attached image), we have a dashboard displaying the counts for each category. I'm looking for a way to programmatically obtain these counts, similar to what is shown in the image.

I have already referred to the official documentation on Threat Analytics (link: https://learn.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide#view-the-threat-analytics-dashboard), but I couldn't find the information I'm seeking.

If anyone has experience with this or knows a workaround, please assist me or suggest any possible alternatives to achieve this goal.

Thank you in advance for your help!


1 answer

  1. Limitless Technology 43,961 Reputation points
    2023-07-04T14:02:32.39+00:00

    Hello,

    Unfortunately, as of my knowledge cutoff in September 2021, Microsoft 365 Defender Threat Analytics does not provide a specific API or PowerShell command to retrieve the overall counts of Ransomware, Phishing, and Vulnerability incidents for the entire tenant. At that time, Threat Analytics mainly focused on providing insights and visualizations through its web-based portal.

    However, Microsoft frequently updates and enhances its services, so it's possible that new features or APIs have been introduced since then. To get the most accurate and up-to-date information on retrieving such counts programmatically, I recommend referring to the official Microsoft documentation for Microsoft 365 Defender, checking the Microsoft Graph API documentation, or reaching out to Microsoft Support for assistance. They can provide you with the latest information and guidance on accessing the required data programmatically.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    --If the reply is helpful, please Upvote and Accept as answer--
