We are working on a SOAR project and are trying to figure out if it is possible either through the API or the Advanced Hunting queries to pull a list of events from the machine timeline when alerts occur.
We have successfully integrated and can query and pull information but I am having trouble finding if this specific use case is an option.
Thanks
Defender ATP is not currently supported here on QnA. I'd try asking for help in dedicated forums here.
https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview
--please don't forget to Accept as answer if the reply is helpful--
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
9 people are following this question.
