Microsoft Defender External Attack Surface Management REST API overview - preview

Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall. Defender EASM leverages Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by leveraging vulnerability and infrastructure data to showcase the key areas of concern for your organization.

The Defender EASM REST API lets customers manage their attack surface at scale. Users can leverage Defender EASM data to automate workflows by integrating into existing processes or creating new applications and clients.

Operation groups

The Defender EASM REST API provides operations for working with the following resources:

| Operation group | Operation Type | Description |
| --- | --- | --- |
| Assets | Data plane | Retrieve or update assets by assetID or designated search parameters. |
| Data Connections | Data plane | Retrieve, create, validate or delete a data connection. |
| Discovery groups | Data plane | Retrieve, create, run or remove discovery groups, and retrieve discovery results. |
| Discovery templates | Data plane | Retrieve discovery templates. |
| Reports | Data plane | Retrieve a recent snapshot of asset summary values, or historic summary details. |
| Saved filters | Data plane | Retrieve a list of saved filters, or retrieve, create or remove a specific filter. |
| Tasks | Data plane | Retrieve a list of tasks, or retrieve, cancel or download data for a specific taskID. |
| Labels | Control plane | Retrieve labels, or create, update, or delete a label. |
| Operations | Control plane | Retrieve a list of operations. |
| Workspaces | Control plane | Retrieve a list of workspaces by resource group or subscription, or create, update, or delete a specific workspace. |
| Tasks | Control plane | Retrieve tasks submitted in the given workspace. |

Next steps

Learn how to authenticate to use the Defender EASM REST API

Learn more about Defender External Attack Surface Management