API for Timeline values ?

Occasional Contributor


I was wondering where the information for "originally impacted devices" column in the "Event Timeline"is stored. My CISO is interested in a concise report about development of vulnerability numbers. I have to Group this by device groups and associated risks etc. So I need a table that I can link with the inventory etc...

Is there an API - url with this information?

2 Replies
What i'll usually do here is to import the data through the OData APIs & Advanced Hunting Queries into PowerBI to present the numbers. I'm not sure that you can fetch originally impacted devices from the Event Timeline, but you sure can fetch the vulnerabilitys and make nice reports of it. That could be a way for you, of course, you need a bit of knowledge of how you present the data in BI and some Advanced Hunting Queries. https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/api-power... There's also some templates, don't really know if they fit your needs: https://github.com/microsoft/MicrosoftDefenderForEndpoint-PowerBI
Hi Axel,
Thank you for your answer.
I already built some nice looking reports with the API and BI.
The only riddle to be solved is : How I "can fetch originally impacted devices from the Event Timeline"...