How to Retrieve Threat Tags Count and All Threats from Microsoft 365 Defender Threat Analytics Report?

Swahela Mulla 90 Reputation points
2023-08-18T11:14:55.7633333+00:00

Hello Everyone,

I hope this message finds you well. I have a question regarding Microsoft 365 Defender's Threat Analytics Report and its associated capabilities for retrieving threat information.

In the context of Microsoft 365 Defender, I'm interested in two specific aspects:

1. Retrieving Threat Tags Count: I'm looking for a way to programmatically fetch the counts of different threat tags, such as Ransomware, Vulnerability, Phishing, and more, from the Threat Analytics Report. Despite my efforts to search through the documentation and explore various resources, I haven't been able to locate a dedicated API or PowerShell command to achieve this. Could someone please provide insights on how to gather this data efficiently?

2. Fetching All Threats: Additionally, I'm interested in understanding whether there is an API or PowerShell command that allows me to retrieve a comprehensive list of all the threats within my Microsoft 365 tenant. This would greatly assist in our ongoing security analysis and response efforts. Any guidance on this matter would be highly appreciated.

If any members of the forum have experience working with Microsoft 365 Defender's APIs or PowerShell commands and possess knowledge about retrieving threat information, I would be extremely grateful for your input. Whether it's a known method, a workaround, or any other relevant information, your expertise could be instrumental in solving these challenges.

For more information, please refer to the link below:

https://learn.microsoft.com/en-us/answers/questions/1323844/fetching-ransomware-phishing-and-vulnerability-det

Your assistance is highly appreciated!

Thank you.

2 answers

  1. Limitless Technology 43,951 Reputation points
    2023-08-21T10:43:51.0566667+00:00

    Hello there,

    To retrieve threat tag counts and all threats from Microsoft 365 Defender Threat Analytics Reports, you can use Microsoft Graph API or PowerShell with the Microsoft 365 Defender module.

    To retrieve the threat tag counts, you can use the following PowerShell script:

        # Connect to Microsoft 365
        Connect-MgGraph

        # Get the threat tag counts
        $threatTagCounts = Get-MgAlertTagSummary

        # Display the threat tag counts
        $threatTagCounts

    Hope this resolves your query!

    If the reply is helpful, please upvote and accept it as an answer.


  2. Barry Evanz 235 Reputation points
    2024-03-01T20:20:04.02+00:00

    As far as I know, there's no direct API or command out there for this specific need. As a workaround, you can use the Microsoft 365 Defender API. You might need to script something that fetches threat data, then tally up the tags or list out the threats. It's a bit of manual work but totally doable with the API. For a full threat list, again, dive into the Defender API. Look for endpoints on threat detection and alerts. It'll require some data wrangling to compile everything.
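
One way to do the fetch-then-tally step the second answer describes, as an added example that is not part of the thread or any Microsoft sample: it groups alert objects by `Category` and breaks each group down by `Severity`. It assumes the alerts come from `Get-MgSecurityAlertV2` (Microsoft.Graph.Security module, `SecurityAlert.Read.All` scope) and that alert categories are an acceptable stand-in for the Threat Analytics tags; `Get-AlertCategoryTally` is a hypothetical helper name and the sample alerts are constructed.

```powershell
# Added example. Live input (assumption: Microsoft.Graph.Security is installed
# and the SecurityAlert.Read.All scope has been consented):
#   Connect-MgGraph -Scopes 'SecurityAlert.Read.All'
#   $alerts = Get-MgSecurityAlertV2 -All

function Get-AlertCategoryTally {
    # Hypothetical helper: counts alerts per category, split by severity.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $Alert
    )
    begin {
        $severities = 'High', 'Medium', 'Low', 'Informational'
        $tally = @{}
    }
    process {
        foreach ($a in $Alert) {
            # Alerts with no category are counted, not silently dropped.
            $cat = if ([string]::IsNullOrWhiteSpace($a.Category)) { 'Uncategorized' }
                   else { [string]$a.Category }
            if (-not $tally.ContainsKey($cat)) {
                $tally[$cat] = [ordered]@{
                    Category = $cat; Total = 0
                    High = 0; Medium = 0; Low = 0; Informational = 0
                }
            }
            $row = $tally[$cat]
            $row['Total']++
            # Severity match is case-insensitive; unknown values only add to Total.
            $sev = [string]$a.Severity
            if ($sev -in $severities) { $row[$sev]++ }
        }
    }
    end {
        $tally.Values |
            ForEach-Object { [pscustomobject]$_ } |
            Sort-Object -Property @{ Expression = 'Total'; Descending = $true }, 'Category'
    }
}

# Constructed sample alerts (not real tenant data) so the tally runs offline.
$sample = @(
    [pscustomobject]@{ Category = 'Ransomware';    Severity = 'high' }
    [pscustomobject]@{ Category = 'Ransomware';    Severity = 'medium' }
    [pscustomobject]@{ Category = 'InitialAccess'; Severity = 'medium' }
    [pscustomobject]@{ Category = $null;           Severity = 'low' }
)
$sample | Get-AlertCategoryTally | Format-Table -AutoSize
```

With live data, replace `$sample` with `$alerts`; the result counts alerts raised in the tenant, not the tag totals shown on the Threat Analytics dashboard.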