threatIntelligence resource type
Namespace: microsoft.graph.security
Note
The Microsoft Graph API for Microsoft Defender Threat Intelligence requires an active Defender Threat Intelligence Portal license and API add-on license for the tenant.
Provides APIs to retrieve threat intelligence information, such as about a host or an article on a threat.
The Microsoft Graph threat intelligence API delivers world-class threat intelligence to help protect your organization from modern cyber threats. Using threat intelligence APIs, you can identify adversaries and their operations, accelerate detection and remediation, and enhance your security investments and workflows.
The threat intelligence API allows you to operationalize intelligence found within the user interface. This includes finished intelligence in the forms of articles and intel profiles, machine intelligence including indicators of compromise (IoCs) and reputation verdicts, and finally, enrichment data including passive DNS, cookies, components, and trackers.
Methods
| Method | Return type | Description |
|---|---|---|
| List articles | microsoft.graph.security.article collection | Get a list of article objects, including their properties and relationships. |
| List intelProfiles | microsoft.graph.security.intelligenceProfile collection | Get a list of intelligenceProfile resources. |
| Get hostPort | microsoft.graph.security.hostPort | Get the properties and relationships of a hostPort object. |
| List sslCertificates | microsoft.graph.security.sslCertificate collection | Get a list of sslCertificate objects and their properties. |
| List whoisRecords | microsoft.graph.security.whoisRecord | Get a list of whoisRecord objects. |
Properties
None.
Relationships
| Relationship | Type | Description |
|---|---|---|
| articleIndicators | microsoft.graph.security.articleIndicator collection | Refers to indicators of threat or compromise highlighted in an article. Note: List retrieval is not yet supported. |
| articles | microsoft.graph.security.article collection | A list of article objects. |
| hostComponents | microsoft.graph.security.hostComponent collection | Retrieve details about hostComponent objects. Note: List retrieval is not yet supported. |
| hostCookies | microsoft.graph.security.hostCookie collection | Retrieve details about hostCookie objects. Note: List retrieval is not yet supported. |
| hostPairs | microsoft.graph.security.hostPair collection | Retrieve details about hostTracker objects. Note: List retrieval is not yet supported. |
| hostPorts | microsoft.graph.security.hostPort collection | Retrieve details about hostPort objects. Note: List retrieval is not yet supported. |
| hostSslCertificates | microsoft.graph.security.hostSslCertificate collection | Retrieve details about hostSslCertificate objects. Note: List retrieval is not yet supported. |
| hostTrackers | microsoft.graph.security.hostTracker collection | Retrieve details about hostTracker objects. Note: List retrieval is not yet supported. |
| hosts | microsoft.graph.security.host collection | Refers to host objects that Microsoft Threat Intelligence has observed. Note: List retrieval is not yet supported. |
| intelProfileIndicators | microsoft.graph.security.intelligenceProfileIndicator collection | Refers to indicators of threat or compromise highlighted in an intelligenceProfile. Note: List retrieval is not yet supported. |
| intelProfiles | microsoft.graph.security.intelligenceProfile collection | A list of intelligenceProfile objects. |
| passiveDnsRecords | microsoft.graph.security.passiveDnsRecord collection | Retrieve details about passiveDnsRecord objects. Note: List retrieval is not yet supported. |
| sslCertificates | microsoft.graph.security.sslCertificate collection | Retrieve details about sslCertificate objects. Note: List retrieval is not yet supported. |
| subdomains | microsoft.graph.security.subdomain collection | Retrieve details about the subdomain. Note: List retrieval is not yet supported. |
| vulnerabilities | microsoft.graph.security.vulnerability collection | Retrieve details about vulnerabilities. Note: List retrieval is not yet supported. |
| whoisHistoryRecords | microsoft.graph.security.whoisHistoryRecord collection | Retrieve details about whoisHistoryRecord objects. Note: List retrieval is not yet supported. |
| whoisRecords | microsoft.graph.security.whoisRecord collection | A list of whoisRecord objects. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.threatIntelligence"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for