Defender ATP - Pull machine timeline events via API or Advanced Threat Hunting

cd 21 Reputation points

We are working on a SOAR project and are trying to figure out if it is possible either through the API or the Advanced Hunting queries to pull a list of events from the machine timeline when alerts occur.

We have successfully integrated and can query and pull information, but I am having trouble finding if this specific use case is an option.



Accepted answer
  1. Anonymous

    Defender ATP is not currently supported here on QnA. I'd try asking for help in dedicated forums here.

    --please don't forget to Accept as answer if the reply is helpful--

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

