Forum Discussion
Search Defender database?
- I tried this in my test environment using the API explorer in the M365D portal, and it seems to work fine.
I have never tried though so not sure if it will work.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-file-information?view=o365-worldwide
- I tried this in my test environment using the API explorer in the M365D portal, and it seems to work fine.
Hey Jonhed
Thankyou so much for your response! I didn't even know that existed!!
This is the closest that I'm going to get. Interestingly, it seems to provide inconsistent results for example,. if I search for this (Sha256):
EX1) a5516c47fda1033a8212d76ba38ef5d9ec129c6369a73377a204268c16168202I get nothing
If I search for this (SHA1):
EX2) 93ff13c276abb159853cc8cbd8f6ef2fb1d6729fI get results which also contain the Sha256 hash from EX1! Crazy!
I'll have a read and see if I can work out why\what I'm doing wrong, but thanks very much for putting me on this track!
The documentation says sha1 or sha256, but when looking at the API explorer in the M365D portal, the URL in the sample query for getting file info shows as below, with "file-sha1", so maybe the API only expects a sha1. This seems to be something that only Microsoft can shed light on.
https://api-xx.securitycenter.windows.com/api/files/{file-sha1}