| title | Supported Microsoft Defender XDR APIs |
|---|---|
| description | Learn about the supported Microsoft Defender XDR entities that you can make API calls to. |
| ms.service | defender-xdr |
| f1.keywords | |
| ms.author | edbaynash |
| author | EdB-MSFT |
| ms.localizationpriority | medium |
| manager | dansimp |
| audience | ITPro |
| ms.collection | |
| ms.topic | reference |
| search.appverid | |
| ms.custom | api |
| ms.date | 04/18/2025 |
| appliesto | |
Note
Try our new APIs using the Microsoft Graph security API. Find out more at: Use the Microsoft Graph security API.
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
| Article | Description |
|---|---|
| Advanced Hunting API | Run Advanced Hunting queries. |
| Incident APIs | List and update incidents, along with other practical tasks. |
| Streaming API | Ship real-time events and alerts as they occur in a single data stream. |
The base URI for both of the main APIs is: https://api.security.microsoft.com. For better performance, use a server closer to your geolocation:
- The United States: api-us.security.microsoft.com
- Europe: api-eu.security.microsoft.com
- The United Kingdom: api-uk.security.microsoft.com
Tokens can be acquired by accessing https://api.security.microsoft.com.
All APIs along the /api path use the OData Protocol; for example, https://api.security.microsoft.com/api/incidents.
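The sketch below is an added example, not Microsoft's code. It builds an OData request for `/api/incidents` against one of the hosts listed above and refuses to attach a bearer token to any other destination. The function names, the region keys and the sample `$filter` value are assumptions made for illustration; token acquisition and the network call are left out.

```python
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

# Hosts listed on this page; a bearer token must never be sent anywhere else.
REGION_HOSTS = {
    "global": "api.security.microsoft.com",
    "us": "api-us.security.microsoft.com",
    "eu": "api-eu.security.microsoft.com",
    "uk": "api-uk.security.microsoft.com",
}


def check_trusted(url):
    """Return url unchanged if it is safe to authenticate to, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"not HTTPS: {url!r}")
    if parts.hostname not in REGION_HOSTS.values():
        raise ValueError(f"host is not a listed API endpoint: {url!r}")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError(f"unexpected userinfo or port: {url!r}")
    if not parts.path.startswith("/api/"):
        raise ValueError(f"path is outside /api: {url!r}")
    return url


def incidents_url(region="global", odata_filter=None, top=None):
    """Build the incidents URL with percent-encoded OData query options."""
    query = {}
    if odata_filter:
        query["$filter"] = odata_filter
    if top is not None:
        query["$top"] = str(int(top))
    url = f"https://{REGION_HOSTS[region]}/api/incidents"
    if query:
        # Keep '$' literal in option names; encode spaces and quotes in values.
        url += "?" + urlencode(query, quote_via=quote, safe="$")
    return check_trusted(url)


def authorized_request(url, token):
    """Attach the token only after the destination passes check_trusted."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return Request(check_trusted(url), headers=headers)
```

Run any URL taken from a response or from configuration through `check_trusted` before reusing the token with it, so a look-alike host or a plain-HTTP redirect target never receives the credential.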