Share via

How to fetch Cloud Discovery Dashboard data in Microsoft Defender Portal using PowerShell?

Efa Shahira 20 Reputation points
2024-01-03T09:25:46.5433333+00:00

Hello, I'm attempting to use Powershell to obtain data for the Cloud Discovery Dashboard from the Microsoft Defender Portal. Is it possible for me to obtain data from PowerShell that precisely matches the provided image?

Is it possible to get that information using any modules or API documentation?

User's image

Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
148 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Timothé Chauvet 0 Reputation points
    2024-01-03T17:19:04.15+00:00

    Hello,

    According to this MS Learn page, you can use the REST API

    The endpoints are

    • /api/v1/activities/
    • /api/v1/alerts/ (your second figure)
    • /api/subnet/
    • /api/v1/entities/ (your third figure)
    • /api/v1/files/

    Your PowerShell command will resemble this

    Invoke-RestMethod -Uri "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/example/" -Method Get -Headers @{Authorization="Token <your_token_key>"; "Content-Type"="application/json"} -Body (@{"filters"=@{}} | ConvertTo-Json -Compress)

    To get the token key : https://learn.microsoft.com/en-us/defender-cloud-apps/api-authentication

    For example, listing open alerts with filters will look like this

    Invoke-RestMethod -Uri "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/" -Method Get -Headers @{Authorization="Token <your_token_key>"; "Content-Type"="application/json"} -Body (@{"filters"=@{"alertOpen"=True}} | ConvertTo-Json -Compress)

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.