Forum Discussion
sirferl (Copper Contributor)
Mar 12, 2021
API for Timeline values?
Hello,
I was wondering where the information for the "originally impacted devices" column in the "Event Timeline" is stored. My CISO is interested in a concise report about the development of vulnerability numbers. I have to group this by device groups and associated risks etc. So I need a table that I can link with the inventory etc...
Is there an API - url with this information?
- AxelHellstrom (Copper Contributor): What I'll usually do here is to import the data through the OData APIs & Advanced Hunting Queries into Power BI to present the numbers. I'm not sure that you can fetch originally impacted devices from the Event Timeline, but you sure can fetch the vulnerabilities and make nice reports of it. That could be a way for you; of course, you need a bit of knowledge of how you present the data in BI and some Advanced Hunting Queries. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/api-power-bi There are also some templates, don't really know if they fit your needs: https://github.com/microsoft/MicrosoftDefenderForEndpoint-PowerBI
- sirferl (Copper Contributor): Hi Axel,
Thank you for your answer.
I already built some nice looking reports with the API and BI.
The only riddle to be solved is: How I "can fetch originally impacted devices from the Event Timeline"...