indicator resource type
Namespace: microsoft.graph.security
Note
The Microsoft Graph API for Microsoft Defender Threat Intelligence requires an active Defender Threat Intelligence Portal license and API add-on license for the tenant.
An abstract type that represents an indicator of compromise or increased risk. Indicators communicate artifacts that indicate that an asset was affected by or related to an attack vector or malicious actor.
This resource isn't directly addressable. You can interact with this resource through one of the following subtypes:
Properties
| Property | Type | Description |
|---|---|---|
| id | String | The system-generated ID for the indicator. |
| source | microsoft.graph.security.indicatorSource | The source that provides this indicator. The possible values are: microsoftDefenderThreatIntelligence, openSourceIntelligence, public, unknownFutureValue. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| artifact | microsoft.graph.security.artifact | The artifact related to this indicator. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.indicator",
"id": "String (identifier)",
"source": "String"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for