Forum Discussion
URL Clic API for MDO ?
Hello everyone,
TL;DR : is it a MDO SafeLinks API, or a Microsoft 365 Defender where we can check whether a URL has been clicked or not?
I'm a security officer, working with Azure sentinel and logic apps. I frequently receive security incidents where I have to investigate if users accessed bad URLs.
I want too automate this a bit and set up a logic app for that.
Do you know if there is any documentation on this (and if this feature is available)?
TL;DR : is it a MDO SafeLinks API, or a Microsoft 365 Defender where we can check whether a URL has been clicked or not?
I'm a security officer, working with Azure sentinel and logic apps. I frequently receive security incidents where I have to investigate if users accessed bad URLs.
I want too automate this a bit and set up a logic app for that.
Do you know if there is any documentation on this (and if this feature is available)?
3 Replies
- No need for an API. The Microsoft Defender XDR Connector Inside Sentinel will pull in the UrlClickEvents table inside Sentinel, so you can create an Analytic Rule to query the UrlClickEvents table.
jeffazure Unfortunately I do not believe there is an API for this. For Microsoft Defender for Office 365's SafeLinks functionality, there is however a PowerShell cmdlet in the Exchange Online module. It's called Get-UrlTrace and can be used to determine who clicked on a URL.
pvanberlo is there an API available for submitting an email sample via automation and retrieving the analysis results?
