threatIntelligence resource type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Note

The Microsoft Graph API for Microsoft Defender Threat Intelligence requires an active Defender Threat Intelligence Portal license and API add-on license for the tenant.

Provides APIs to retrieve threat intelligence information, such as about a host or an article on a threat.

The Microsoft Graph threat intelligence API delivers world-class threat intelligence to help protect your organization from modern cyber threats. Using threat intelligence APIs, you can identify adversaries and their operations, accelerate detection and remediation, and enhance your security investments and workflows.

The threat intelligence API allows you to operationalize intelligence found within the user interface. This includes finished intelligence in the forms of articles and intel profiles, machine intelligence including indicators of compromise (IoCs) and reputation verdicts, and finally, enrichment data including passive DNS, cookies, components, and trackers.

Methods

Method Return type Description
List articles microsoft.graph.security.article collection Get a list of article objects, including their properties and relationships.
Get article microsoft.graph.security.article Read the properties and relationships of an article object.
Get articleIndicator microsoft.graph.security.articleIndicator Get the articleIndicator resources from the articleIndicators navigation property.
Get host microsoft.graph.security.host Get a list of host resources.
Get hostComponent microsoft.graph.security.hostComponent Get the properties and relationships of a hostComponent object.
Get hostCookie microsoft.graph.security.hostCookie Get a list of hostCookie resources.
Get hostPair microsoft.graph.security.host Read the properties and relationships of a hostPair object.
List childHostPairs microsoft.graph.security.host Get a list of hostPair resources.
List hostPairs microsoft.graph.security.host Get a list of hostPair resources.
List parentHostPairs microsoft.graph.security.host Get a list of hostPair resources.
Get hostPort microsoft.graph.security.hostPort Get the properties and relationships of a hostPort object.
Get hostTracker microsoft.graph.security.hostTracker Get a list of hostTracker resources.
Get intelProfileIndicators microsoft.graph.security.intelligenceProfileIndicator collection Get a list of intelligenceProfileIndicator resources.
List intelProfiles microsoft.graph.security.intelligenceProfile collection Get a list of intelligenceProfile resources.
Get hostTracker microsoft.graph.security.hostTracker Get a list of hostTracker resources.
Get passiveDnsRecord microsoft.graph.security.passiveDnsRecord Get the properties and relationships of a hostTracker object.
Get subdomain microsoft.graph.security.subdomain Get the properties and relationships of a subdomain object.
Get vulnerabilities microsoft.graph.security.vulnerability Get the properties and relationships of a vulnerability object.
Get sslCertificate microsoft.graph.security.sslCertificate Get the properties and relationships of an sslCertificate object.
List sslCertificates microsoft.graph.security.sslCertificate collection Get a list of sslCertificate objects and their properties.
Get hostSslCertificate microsoft.graph.security.hostSslCertificate Get the properties and relationships of a hostSslCertificate object.
List hostSslCertificates microsoft.graph.security.hostSslCertificate collection Get a list of hostSslCertificate objects from the host navigation property.
List whoisRecords microsoft.graph.security.whoisRecord Get a list of whoisRecord objects.
Get whoisHistoryRecord microsoft.graph.security.whoisHistoryRecord Read the properties and relationships of a whoisHistoryRecord object.

Properties

None.

Relationships

Relationship Type Description
articleIndicators microsoft.graph.security.articleIndicator collection Refers to indicators of threat or compromise highlighted in an article.
Note: List retrieval is not yet supported.
articles microsoft.graph.security.article collection A list of article objects.
hostComponents microsoft.graph.security.hostComponent collection Retrieve details about hostComponent objects.
Note: List retrieval is not yet supported.
hostCookies microsoft.graph.security.hostCookie collection Retrieve details about hostCookie objects.
Note: List retrieval is not yet supported.
hostPairs microsoft.graph.security.hostPair collection Retrieve details about hostTracker objects.
Note: List retrieval is not yet supported.
hostPorts microsoft.graph.security.hostPort collection Retrieve details about hostPort objects.
Note: List retrieval is not yet supported.
hostSslCertificates microsoft.graph.security.hostSslCertificate collection Retrieve details about hostSslCertificate objects.
Note: List retrieval is not yet supported.
hostTrackers microsoft.graph.security.hostTracker collection Retrieve details about hostTracker objects.
Note: List retrieval is not yet supported.
hosts microsoft.graph.security.host collection Refers to host objects that Microsoft Threat Intelligence has observed.
Note: List retrieval is not yet supported.
intelProfileIndicators microsoft.graph.security.intelligenceProfileIndicator collection Refers to indicators of threat or compromise highlighted in an intelligenceProfile.
Note: List retrieval is not yet supported.
intelProfiles microsoft.graph.security.intelligenceProfile collection A list of intelligenceProfile objects.
passiveDnsRecords microsoft.graph.security.passiveDnsRecord collection Retrieve details about passiveDnsRecord objects.
Note: List retrieval is not yet supported.
sslCertificates microsoft.graph.security.sslCertificate collection Retrieve details about sslCertificate objects.
Note: List retrieval is not yet supported.
subdomains microsoft.graph.security.subdomain collection Retrieve details about the subdomain.
Note: List retrieval is not yet supported.
vulnerabilities microsoft.graph.security.vulnerability collection Retrieve details about vulnerabilities.
Note: List retrieval is not yet supported.
whoisHistoryRecords microsoft.graph.security.whoisHistoryRecord collection Retrieve details about whoisHistoryRecord objects.
Note: List retrieval is not yet supported.
whoisRecords microsoft.graph.security.whoisRecord collection A list of whoisRecord objects.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.threatIntelligence"
}