Defender ATP - Lookup Hash and Domain

Question

Defender ATP console is able to show that a hash or a domain has been previously seen on the hosts in the tenant.&nbsp; is there an graph API that could be leveraged to&nbsp; search for hosts with that hash or have seen traffic to a domain.&nbsp;

kylemiller061 · Answer

Vaman-Kini&nbsp;- Yes, you can use the MDATP (Securitycenter) API's domain and file endpoints to retrieve statistic's related to domain and hash observations and lists of machines that have been observed interacting with those entities. You can utilize the API Explorer in the MDATP portal to try them out.&nbsp;https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machineshttps://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines

vaman-kini · Answer

kylemiller061&nbsp;Thank you so much.&nbsp;

Forum Discussion

Defender ATP - Lookup Hash and Domain

2 Replies

Resources