Forum Discussion

MattBurrows's avatar
MattBurrows
Brass Contributor
Feb 10, 2022

API GET for Defender TVM

Hi Guys,   I am running GET on "https://api-eu.securitycenter.windows.com/api/vulnerabilities" to pull all my vulnerabilities. What I am noticing is there is a lot of results with Exposed Machines ...
automation
threat hunting
AKugaseelan's avatar
AKugaseelan
Copper Contributor
Mar 30, 2022

Hi MattBurrows 

 

I know I am a bit late to your question. I was searching something similar and found your question which was not answered yet. Thought I will add this if someone else stumbles over this:

 

As you can see https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-all-vulnerabilities?view=o365-worldwide#api-description, there is no filter for the endpoint you are trying to request called "exposedMachines". This is also what you can see in the response error message "Filter parameter is invalid".

 

To solve this, you could either first request all vulnerabilities using the endpoint you already are using and then using the https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability?view=o365-worldwide you could loop through the first request and filter for vulnerabilities with device responses on them. Or the easier solution would be to access the https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines?view=o365-worldwide endpoint to directly query vulnerabilities which affect the organization per machine and software.

 

Hope this answers your question

Resources