rgraphalyze
Copper Contributor
Oct 17, 2023

MDE API not able to find a file using sha256 hash but corresponding sha1 works

Hello, we have a workflow with Defender for Endpoint where we call MDE's GET /api/files/${sha256_hash} API endpoint to get information about where the file is seen.

Lately this is always resulting in an HTTP 404 response. This used to work in the past.

For the exact same file, GET /api/files/${sha1_hash} does yield all the expected results back. As per the documentation, either sha256 or sha1 should work. Is this a known issue and is there any resolution planned around this?

Documentation for the API endpoint in question, stating that either sha1 or sha256 can be used:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/get-file-information?view=o365-worldwide#api-description

  • jbmartin6
    Iron Contributor
    It is a known issue as far as known to us and other participants on this forum. There is a post about it once in a while. I don't think it is a known issue in the sense that Microsoft has acknowledged it and is planning a fix.
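A lookup that tolerates the behaviour reported in this thread, as an added example that is not part of the original posts or Microsoft's own code: it queries by SHA-256 first, retries with SHA-1 only on a 404, and checks that any sha256 in the returned record matches the file that was asked about. The base URL, the bearer-token header, the `sha1`/`sha256` record fields, and the helper names (`file_hashes`, `http_fetch`, `lookup_file`, `stub_fetch`) are assumptions of this example.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Assumed API base URL; adjust to the endpoint your tenant uses.
API_BASE = "https://api.securitycenter.microsoft.com/api/files/"

def file_hashes(data: bytes) -> dict:
    """Compute both identifiers the endpoint is documented to accept."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def http_fetch(identifier: str, token: str):
    """GET /api/files/{identifier}; returns (status, parsed JSON or None).
    Bind the token (e.g. with functools.partial) before passing to lookup_file."""
    req = urllib.request.Request(API_BASE + identifier,
                                 headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def lookup_file(hashes: dict, fetch):
    """Try SHA-256 first and fall back to SHA-1 only on 404.
    Returns (hash_type_used, record), or (None, None) if both lookups miss."""
    for kind in ("sha256", "sha1"):
        status, record = fetch(hashes[kind])
        if status == 404:
            continue
        if status != 200:
            raise RuntimeError(f"{kind} lookup failed with HTTP {status}")
        # Guard the fallback: a sha256 in the record must match the requested file.
        got = (record.get("sha256") or "").lower()
        if got and got != hashes["sha256"]:
            raise ValueError("record sha256 does not match requested file")
        return kind, record
    return None, None

# Constructed stand-in for the API that reproduces the reported behaviour:
# the SHA-1 lookup succeeds, every other identifier returns 404.
SAMPLE = file_hashes(b"constructed sample file contents")

def stub_fetch(identifier: str):
    if identifier == SAMPLE["sha1"]:
        return 200, {"sha1": SAMPLE["sha1"], "sha256": SAMPLE["sha256"]}
    return 404, None
```

Recording which hash type produced the hit makes it possible to see from workflow logs when SHA-256 lookups start succeeding again.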
