threatIntelligence resource type

Namespace: microsoft.graph.security

Note

The Microsoft Graph API for Microsoft Defender Threat Intelligence requires an active Defender Threat Intelligence Portal license and API add-on license for the tenant.

Provides APIs to retrieve threat intelligence information, such as about a host or an article on a threat.

The Microsoft Graph threat intelligence API delivers world-class threat intelligence to help protect your organization from modern cyber threats. Using threat intelligence APIs, you can identify adversaries and their operations, accelerate detection and remediation, and enhance your security investments and workflows.

The threat intelligence API allows you to operationalize intelligence found within the user interface. This includes finished intelligence in the forms of articles and intel profiles, machine intelligence including indicators of compromise (IoCs) and reputation verdicts, and finally, enrichment data including passive DNS, cookies, components, and trackers.

Methods

Method Return type Description
List articles microsoft.graph.security.article collection Get a list of article objects, including their properties and relationships.
List intelProfiles microsoft.graph.security.intelligenceProfile collection Get a list of intelligenceProfile resources.
Get hostPort microsoft.graph.security.hostPort Get the properties and relationships of a hostPort object.
List sslCertificates microsoft.graph.security.sslCertificate collection Get a list of sslCertificate objects and their properties.
List whoisRecords microsoft.graph.security.whoisRecord Get a list of whoisRecord objects.

Properties

None.

Relationships

Relationship Type Description
articleIndicators microsoft.graph.security.articleIndicator collection Refers to indicators of threat or compromise highlighted in an article.
Note: List retrieval is not yet supported.
articles microsoft.graph.security.article collection A list of article objects.
hostComponents microsoft.graph.security.hostComponent collection Retrieve details about hostComponent objects.
Note: List retrieval is not yet supported.
hostCookies microsoft.graph.security.hostCookie collection Retrieve details about hostCookie objects.
Note: List retrieval is not yet supported.
hostPairs microsoft.graph.security.hostPair collection Retrieve details about hostTracker objects.
Note: List retrieval is not yet supported.
hostPorts microsoft.graph.security.hostPort collection Retrieve details about hostPort objects.
Note: List retrieval is not yet supported.
hostSslCertificates microsoft.graph.security.hostSslCertificate collection Retrieve details about hostSslCertificate objects.
Note: List retrieval is not yet supported.
hostTrackers microsoft.graph.security.hostTracker collection Retrieve details about hostTracker objects.
Note: List retrieval is not yet supported.
hosts microsoft.graph.security.host collection Refers to host objects that Microsoft Threat Intelligence has observed.
Note: List retrieval is not yet supported.
intelProfileIndicators microsoft.graph.security.intelligenceProfileIndicator collection Refers to indicators of threat or compromise highlighted in an intelligenceProfile.
Note: List retrieval is not yet supported.
intelProfiles microsoft.graph.security.intelligenceProfile collection A list of intelligenceProfile objects.
passiveDnsRecords microsoft.graph.security.passiveDnsRecord collection Retrieve details about passiveDnsRecord objects.
Note: List retrieval is not yet supported.
sslCertificates microsoft.graph.security.sslCertificate collection Retrieve details about sslCertificate objects.
Note: List retrieval is not yet supported.
subdomains microsoft.graph.security.subdomain collection Retrieve details about the subdomain.
Note: List retrieval is not yet supported.
vulnerabilities microsoft.graph.security.vulnerability collection Retrieve details about vulnerabilities.
Note: List retrieval is not yet supported.
whoisHistoryRecords microsoft.graph.security.whoisHistoryRecord collection Retrieve details about whoisHistoryRecord objects.
Note: List retrieval is not yet supported.
whoisRecords microsoft.graph.security.whoisRecord collection A list of whoisRecord objects.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.threatIntelligence"
}