Forum Discussion
CodnChips
Feb 08, 2022, Brass Contributor
Search Defender database?
Hi, apologies if this is a stupid question. Is it possible to search the Windows ATP Defender threat database for the existence of an entry? The reason for this is looking to ratify the claims of a d...
CodnChips
Feb 09, 2022, Brass Contributor
For example, did Defender detect Biglock from 30 Dec 21? I don't want to find out the hard way. At the same time, there's no obvious easy way to find out either.
- Jonhed, Feb 15, 2022, Steel Contributor
You might be able to check it with this API.
I have never tried it though, so I'm not sure if it will work.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-file-information?view=o365-worldwide
- Jonhed, Feb 15, 2022, Steel Contributor
I tried this in my test environment using the API explorer in the M365D portal, and it seems to work fine.
- CodnChips, Feb 16, 2022, Brass Contributor
Hey Jonhed
Thank you so much for your response! I didn't even know that existed!!
This is the closest that I'm going to get. Interestingly, it seems to provide inconsistent results. For example, if I search for this (SHA256):
EX1) a5516c47fda1033a8212d76ba38ef5d9ec129c6369a73377a204268c16168202
I get nothing.
If I search for this (SHA1):
EX2) 93ff13c276abb159853cc8cbd8f6ef2fb1d6729f
I get results, which also contain the SHA256 hash from EX1! Crazy!
I'll have a read and see if I can work out why\what I'm doing wrong, but thanks very much for putting me on this track!
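The lookup Jonhed pointed to, and the SHA1-versus-SHA256 comparison CodnChips did by hand in the API explorer, as a script. This is an added example and not code from either poster or from Microsoft: it calls the documented Get file information endpoint (GET /api/files/{id}, where id is a SHA1 or SHA256) after obtaining a token with the client-credentials flow. It assumes an Azure AD app registration that has been granted the File.Read.All application permission; the environment variable names, the script name and the sample response record are my own choices (the sample is constructed from the documented response fields, not captured from a tenant). One caveat worth keeping in mind when using this to answer "would Defender have caught it": the endpoint returns Microsoft's file record (prevalence, signer, determination), not a signature-database lookup, and a 404 is treated here simply as "no record for that identifier".

```python
"""Look up a file hash with the Microsoft Defender for Endpoint
"Get file information" API (GET /api/files/{id}, id = SHA1 or SHA256).

Added example, not from the forum thread. Assumes an Azure AD app
registration with the File.Read.All application permission; tenant id,
client id and client secret come from environment variables whose names
are my choice. SAMPLE_RESPONSE is constructed from the documented
response schema and is not real data.
"""
import json
import os
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

MDE_API = "https://api.securitycenter.microsoft.com"
LOGIN = "https://login.microsoftonline.com"

HASH_TYPES = {40: "sha1", 64: "sha256"}  # hex digest length -> algorithm


def hash_type(h: str) -> str:
    """Return 'sha1' or 'sha256' for a hex digest; raise ValueError otherwise."""
    h = h.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h) or len(h) not in HASH_TYPES:
        raise ValueError(f"not a SHA1/SHA256 hex digest: {h!r}")
    return HASH_TYPES[len(h)]


def file_info_url(h: str) -> str:
    """Build the documented endpoint URL; the hash is validated first so
    nothing but a hex digest ever lands in the URL path."""
    hash_type(h)
    return f"{MDE_API}/api/files/{urllib.parse.quote(h.strip().lower())}"


def get_token(tenant: str, client_id: str, secret: str) -> str:
    """Client-credentials flow against Azure AD for the MDE resource."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": secret,
        "resource": MDE_API,
    }).encode()
    with urllib.request.urlopen(f"{LOGIN}/{tenant}/oauth2/token", body, timeout=30) as r:
        return json.load(r)["access_token"]


def fetch_file_info(h: str, token: str):
    """GET /api/files/{id}; returns the JSON record, or None on 404."""
    req = urllib.request.Request(file_info_url(h),
                                 headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as r:
            return json.load(r)
    except urllib.error.HTTPError as e:
        if e.code == 404:  # no record for this identifier
            return None
        raise


def summarize(info) -> dict:
    """Reduce a file record to the fields that answer 'does Defender know this file?'"""
    if info is None:
        return {"known": False}
    return {
        "known": True,
        "sha1": info.get("sha1"),
        "sha256": info.get("sha256"),
        "determination": info.get("determinationType"),
        "determination_value": info.get("determinationValue"),
        "global_prevalence": info.get("globalPrevalence"),
        "signer": info.get("signer"),
    }


# Constructed sample shaped like the documented response; hashes and the
# detection name are placeholders, not real observations.
SAMPLE_RESPONSE = {
    "sha1": "0123456789abcdef0123456789abcdef01234567",
    "sha256": "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
    "globalPrevalence": 3,
    "determinationType": "Malware",
    "determinationValue": "Hypothetical:Win32/Example",
    "signer": None,
}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: mde_file_lookup.py <sha1|sha256>")
    tok = get_token(os.environ["MDE_TENANT"], os.environ["MDE_CLIENT_ID"],
                    os.environ["MDE_CLIENT_SECRET"])
    print(json.dumps(summarize(fetch_file_info(sys.argv[1], tok)), indent=2))
```

Because the helper accepts either digest, the two queries from the post above can be run back to back (one invocation per hash) and the returned records compared; whichever lookup returns a record, the `sha1` and `sha256` fields in that record are the identifiers to keep for later correlation.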