MDE API not able to find a file using sha256 hash but corresponding sha1 works

Hello, we have a workflow with Defender for Endpoint where we call MDE's GET /api/files/${sha256_hash} API endpoint to get information about where the file is seen.

Lately this is always resulting in an HTTP 404 response. This used to work in the past.

For the exact same file, GET /api/files/${sha1_hash} does yield all the expected results back. As per the documentation, either sha256 or sha1 should work. Is this a known issue and is there any resolution planned around this?

Documentation for the API endpoint in question, stating that either sha1 or sha256 can be used:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api/get-file-information?...

1 Reply
It is a known issue as far as known to us and other participants on this forum. There is a post about it once in a while. I don't think it is a known issue in the sense that Microsoft has acknowledged it and is planning a fix.
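
For workflows hit by the behaviour described in this thread, here is an added example (not part of the original posts and not Microsoft's code) of a lookup that tries the sha256 identifier and falls back to sha1 only on a 404, recording each attempt. The base URL, the `fake_get` stand-in and the sample content are assumptions constructed for illustration; only the `/api/files/{hash}` path comes from the thread.

```python
import hashlib
import json
import re
import urllib.error
import urllib.request

HEX = {"sha256": re.compile(r"[0-9a-fA-F]{64}"), "sha1": re.compile(r"[0-9a-fA-F]{40}")}

def file_hashes(data: bytes) -> dict:
    """Both identifiers for the same file content."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def http_get(url: str, token: str):
    """Real transport (not exercised offline): returns (status, parsed JSON or None)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def lookup_file(hashes: dict, get, base_url: str):
    """Query /api/files/{hash} by sha256, then by sha1 if that returns 404.
    Returns (hash kind that answered or None, body, [(kind, status), ...])."""
    attempts = []
    for kind in ("sha256", "sha1"):
        value = hashes.get(kind, "")
        if not HEX[kind].fullmatch(value):
            continue  # never place an unvalidated string in the URL path
        status, body = get(f"{base_url}/api/files/{value}")
        attempts.append((kind, status))
        if status == 200:
            return kind, body, attempts
        if status != 404:
            break  # 401/403/429/5xx do not mean "file unknown"; do not mask them
    return None, None, attempts

# Constructed stand-in for the service, reproducing the behaviour in the thread:
# 404 for a 64-character (sha256) identifier, 200 for a 40-character (sha1) one.
def fake_get(url: str):
    ident = url.rsplit("/", 1)[1]
    return (200, {"sha1": ident}) if len(ident) == 40 else (404, None)

BASE = "https://mde.example.invalid"  # placeholder host; supply your tenant's API base
SAMPLE = file_hashes(b"constructed sample content")

if __name__ == "__main__":
    print(lookup_file(SAMPLE, fake_get, BASE))
```

Against the real service, pass `lambda url: http_get(url, token)` as `get`. An `attempts` list showing a 404 for sha256 followed by a 200 for sha1 is the discrepancy reported above and is worth logging.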