Data Enrichment API
Note
Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.
The Data Enrichment API enables you to manage identifiable IP address ranges, such as your physical office IP addresses. IP address ranges allow you to tag, categorize, and customize the way logs and alerts are displayed and investigated. For more information, see Working with IP ranges and tags.
The following lists the supported requests:
Properties
The response object defines the following properties.
| Property | Type | Description |
|---|---|---|
| total | int | Total number of record |
| hasNext | bool | Indicates whether there are additional records |
| data | list | List of the existing records |
| _id | string | Unique id of the IP range |
| name | string | The unique name of the range |
| subnets | list | An array of masks, IP addresses (IPv4 / IPv6), and original strings |
| location | string | An object including the location name, latitude, longitude, country code, and country name |
| organization | string | The registered ISP |
| tags | list | An array of new or existing objects including the tag name, id, description, name template, and tenant id |
| category | int | The category of the IP range. Providing a category helps you easily recognize activities from interesting IP addresses. Possible values include: 1: Corporate 2: Administrative 3: Risky 4: VPN 5: Cloud provider 6: Other |
| lastModified | long | Timestamp of the last rule changed |
Filters
For information about how filters work, see Filters.
The following table describes the supported filters:
| Filter | Type | Operators | Description |
|---|---|---|---|
| category | integer | eq, neq | Filter IP ranges by category. Possible values include: 1: Corporate 2: Administrative 3: Risky 4: VPN 5: Cloud provider 6: Other |
| tags | string | eq, neq | Filter IP ranges by tag IDs |
| builtIn | bool | eq | Filter IP ranges by type. Possible values include: true (built-in) or false (custom) |
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
Tilbakemeldinger
Send inn og vis tilbakemelding for