Forum Discussion
Defender API question... EmailEvents Table, IdentityInfo table?
Defender API Question.... Is there a way to query the EmailEvents table through an api? Or the Identityinfo table? I'm currently testing through - api-us.securitycenter.microsoft.com and pla...
Hi mathurin68,
You need to query the Microsoft 365 Defender Advanced Hunting API in order to access email-related events (as these aren't Microsoft Defender for Endpoint events), e.g.:
POST https://api.security.microsoft.com/api/advancedhunting/run
{
"Query": "EmailEvents | where Timestamp > ago(5d) | project Timestamp, SenderFromAddress, SenderFromDomain, SenderIPv4, RecipientEmailAddress | top 10 by Timestamp desc"
}