Data Enrichment API
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.
The Data Enrichment API enables you to manage identifiable IP address ranges, such as your physical office IP addresses. IP address ranges allow you to tag, categorize, and customize the way logs and alerts are displayed and investigated. For more information, see Working with IP ranges and tags.
The following lists the supported requests:
The response object defines the following properties.
|Property||Type||Description|
|total||int||Total number of records|
|hasNext||bool||Indicates whether there are additional records|
|data||list||List of the existing records|
|_id||string||Unique id of the IP range|
|name||string||The unique name of the range|
|subnets||list||An array of masks, IP addresses (IPv4 / IPv6), and original strings|
|location||string||An object including the location name, latitude, longitude, country code, and country name|
|organization||string||The registered ISP|
|tags||list||An array of new or existing objects including the tag name, id, description, name template, and tenant id|
|category||int||The category of the IP range. Providing a category helps you easily recognize activities from interesting IP addresses. Possible values include: 5: Cloud provider|
|lastModified||long||Timestamp of the last change to the rule|
For information about how filters work, see Filters.
The following table describes the supported filters:
|Filter||Type||Operators||Description|
|category||integer||eq, neq||Filter IP ranges by category. Possible values include: 5: Cloud provider|
|tags||string||eq, neq||Filter IP ranges by tag IDs|
|builtIn||bool||eq||Filter IP ranges by type. Possible values include: true (built-in) or false (custom)|
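One way to drive these filters and the paged response from a script, as an added example that is not Microsoft's code: `build_query` rejects any filter, operator or value type the table above does not list, and `iter_ranges` follows `hasNext` until the listing is exhausted. The request body shape (`filters`, `skip`, `limit`), the helper names, and the `fake_fetch` stand-in with its sample records are assumptions made for the example.

```python
# Added example, not Microsoft's code. Assumed (not on this page): the request
# body shape {"filters": {field: {op: [values]}}, "skip": n, "limit": n}.
ALLOWED = {  # filter name -> (value type, operators), from the filter table
    "category": (int, {"eq", "neq"}),
    "tags": (str, {"eq", "neq"}),
    "builtIn": (bool, {"eq"}),
}

def build_query(filters, skip=0, limit=100):
    """Validate (field, operator, values) triples and build a request body."""
    body = {"filters": {}, "skip": skip, "limit": limit}
    for field, op, values in filters:
        if field not in ALLOWED:
            raise ValueError(f"unsupported filter: {field}")
        typ, ops = ALLOWED[field]
        if op not in ops:
            raise ValueError(f"{field} does not support {op}")
        # bool is a subclass of int, so compare exact types
        if any(type(v) is not typ for v in values):
            raise ValueError(f"{field} values must be {typ.__name__}")
        body["filters"].setdefault(field, {})[op] = list(values)
    return body

def iter_ranges(fetch, filters, page_size=100):
    """Yield every record, following hasNext until the listing is exhausted."""
    skip = 0
    while True:
        page = fetch(build_query(filters, skip, page_size))
        yield from page["data"]
        skip += len(page["data"])
        # Stop on an empty page too, so a bad hasNext cannot loop forever
        if not page["hasNext"] or not page["data"]:
            return

# Constructed sample records standing in for the service (hypothetical values)
SAMPLE = [{"_id": f"id{i}", "name": f"range-{i}", "category": 5} for i in range(5)]

def fake_fetch(body):
    """Offline stand-in for the HTTP call: pages SAMPLE by skip/limit."""
    chunk = SAMPLE[body["skip"]:body["skip"] + body["limit"]]
    return {"total": len(SAMPLE), "data": chunk,
            "hasNext": body["skip"] + len(chunk) < len(SAMPLE)}

if __name__ == "__main__":
    wanted = [("category", "eq", [5]), ("builtIn", "eq", [False])]
    for rec in iter_ranges(fake_fetch, wanted, page_size=2):
        print(rec["_id"], rec["name"])
```

To use it against a tenant, replace `fake_fetch` with a function that sends the body to the list request and returns the parsed response object.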