API Documentation

%3CLINGO-SUB%20id%3D%22lingo-sub-147891%22%20slang%3D%22en-US%22%3EAPI%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-147891%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Azure%20ATP%20Team%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20there%20any%20documentation%20available%20on%20the%20API%3F%20We%20would%20like%20to%20integrate%20this%20with%20an%20application%20that%20we%20are%20developing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-147974%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-147974%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20at%20least%20not%20currently%2C%20we%20don't%20document%20this%20API%20as%20it%20can%20change%20after%20every%20update%20and%20we%20have%20no%20SDK%20like%20compatability%20that%20is%20built%20for%20customer%20usage.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1031853%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1031853%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%3CSPAN%3EI%20need%20api%20documentation%20to%20do%20oauth02%20authentication%20with%20Azure%20ATP.%20Just%20found%20Windows%20Defender%20ATP.%20Can%20you%20help%20me%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1033935%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1033935%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106754%22%20target%3D%22_blank%22%3E%40David%20Hart%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20David%2C%20have%20you%20checked%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Finvestigate-activities-api%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Finvestigate-activities-api%3C%2FA%3E%26nbsp%3Bto%20get%20Azure%20ATP%20data%20through%20the%20cloud%20app%20security%20portal%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1037004%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1037004%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F215466%22%20target%3D%22_blank%22%3E%40Or%20Tsemah%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20guy%2C%20would%20you%20help%20me%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20read%20this%20documentation%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Finvestigate-activities-api%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Finvestigate-activities-api%3C%2FA%3E%3C%2FP%3E%3CP%3EBut%20it's%20not%20exactly%20what%20I%20want.%20I%20want%20an%20api%20to%20receive%20Azure%20ATP%20data%20from%20Azure%20ATP.%3C%2FP%3E%3CP%3EHow%20do%20I%20do%20this%20without%20having%20to%20create%20alerts%20in%20CAS%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1037020%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1037020%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F468542%22%20target%3D%22_blank%22%3E%40ArthurCalazans%3C%2FA%3E%26nbsp%3B%2C%20you%20don't%20need%20to%20create%20the%20alerts%20in%20CAS.%3C%2FP%3E%0A%3CP%3EOnce%20you%20enable%20the%20AATP-CAS%20integration%2C%20every%20AATP%20alert%20will%20automatically%20also%20appear%20in%20CAS.%3C%2FP%3E%0A%3CP%3EThe%20official%20API%20exist%20only%20for%20CAS.%20AATP%20does%20not%20have%20one%2C%20and%20likely%20never%20will.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1037026%22%20slang%3D%22en-US%22%3ERe%3A%20API%20Documentation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1037026%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20quick%20and%20enlightening%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20will%20understand%20why%20not%20all%20Azure%20ATP%20incidents%20are%20appearing%20in%20CAS%2C%20it%20must%20be%20some%20configuration%20that%20did%20not.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAgain%2C%20thank%20you%20very%20much!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Visitor

Hi Azure ATP Team,

 

Is there any documentation available on the API? We would like to integrate this with an application that we are developing.

5 Replies
Highlighted

No, at least not currently, we don't document this API as it can change after every update and we have no SDK like compatability that is built for customer usage.

 

Highlighted

@Eli OfekI need api documentation to do oauth02 authentication with Azure ATP. Just found Windows Defender ATP. Can you help me?

Highlighted

@David Hart 

Hi David, have you checked https://docs.microsoft.com/en-us/cloud-app-security/investigate-activities-api to get Azure ATP data through the cloud app security portal

Highlighted

@Or Tsemah 

 

Hi guy, would you help me?

 

I read this documentation, https://docs.microsoft.com/en-us/cloud-app-security/investigate-activities-api

But it's not exactly what I want. I want an api to receive Azure ATP data from Azure ATP.

How do I do this without having to create alerts in CAS?

Highlighted

@ArthurCalazans , you don't need to create the alerts in CAS.

Once you enable the AATP-CAS integration, every AATP alert will automatically also appear in CAS.

The official API exist only for CAS. AATP does not have one, and likely never will.