Data Enrichment API

Note

Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

The Data Enrichment API enables you to manage identifiable IP address ranges, such as your physical office IP addresses. IP address ranges allow you to tag, categorize, and customize the way logs and alerts are displayed and investigated. For more information, see Working with IP ranges and tags.

The following lists the supported requests:

Properties

The response object defines the following properties.

Property Type Description
total int Total number of record
hasNext bool Indicates whether there are additional records
data list List of the existing records
_id string Unique id of the IP range
name string The unique name of the range
subnets list An array of masks, IP addresses (IPv4 / IPv6), and original strings
location string An object including the location name, latitude, longitude, country code, and country name
organization string The registered ISP
tags list An array of new or existing objects including the tag name, id, description, name template, and tenant id
category int The category of the IP range. Providing a category helps you easily recognize activities from interesting IP addresses. Possible values include:

1: Corporate
2: Administrative
3: Risky
4: VPN
5: Cloud provider
6: Other
lastModified long Timestamp of the last rule changed

Filters

For information about how filters work, see Filters.

The following table describes the supported filters:

Filter Type Operators Description
category integer eq, neq Filter IP ranges by category. Possible values include:

1: Corporate
2: Administrative
3: Risky
4: VPN
5: Cloud provider
6: Other
tags string eq, neq Filter IP ranges by tag IDs
builtIn bool eq Filter IP ranges by type. Possible values include: true (built-in) or false (custom)

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.