Defender ATP - Pull machine timeline events via API or Advanced Threat Hunting

cd 21 Reputation points
2020-06-04T17:50:25.953+00:00

We are working on a SOAR project and are trying to figure out if it is possible either through the API or the Advanced Hunting queries to pull a list of events from the machine timeline when alerts occur.

We have successfully integrated and can query and pull information, but I am having trouble finding if this specific use case is an option.

Thanks


Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2020-06-04T17:59:08.353+00:00

    Defender ATP is not currently supported here on QnA. I'd try asking for help in dedicated forums here.

    https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

    --please don't forget to Accept as answer if the reply is helpful--


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
