Forum Discussion
CodnChips (Brass Contributor), Feb 08, 2022
Search Defender database?
Hi,
Apologies if this is a stupid question - Is it possible to search Windows ATP Defender threat database for the existence of an entry? The reason for this is looking to ratify the claims of a different product vendor that say "Microsoft ATP missed this one". I want to take some of the provided hashes and see if Defender knows about them. I've performed searches for entries through our Sentinel watchlists, but need to interrogate our Defender intel.
Any ideas?
Thanks
- CodnChips (Brass Contributor): For example, did Defender detect Biglock from 30 Dec 21? I don't want to find out the hard way. At the same time, there's no obvious easy way to find out either.
- Jonhed (Steel Contributor): You might be able to check it with this API.
  I have never tried though, so not sure if it will work.
  https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-file-information?view=o365-worldwide
- Jonhed (Steel Contributor): I tried this in my test environment using the API explorer in the M365D portal, and it seems to work fine.
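A script that does the lookup the reply above points to, so the vendor's "ATP missed this one" hash list can be checked in bulk rather than one at a time in the API explorer. This is an added example, not code from the thread or from Microsoft: it calls the Get file information endpoint (`GET https://api.securitycenter.microsoft.com/api/files/{id}`) from the linked documentation with a bearer token you obtain separately via an app registration. The identifier rules (SHA-1 or SHA-256 only, MD5 not accepted), the 404 meaning "no record", and the response field names (`globalPrevalence`, `determinationType`, `determinationValue`) are my reading of that documentation page and should be treated as assumptions to verify against it; the sample response body is constructed.

```python
"""Check whether Microsoft Defender for Endpoint has a record for a set of file hashes.

Added example, not the thread's or Microsoft's code. Assumptions (from the
Get-file-information doc linked in the thread): GET /api/files/{id} on the
securitycenter API, id is a SHA-1 or SHA-256, 200 = known file, 404 = unknown.
"""
import json
import os
import re
import sys
import urllib.error
import urllib.request

# Endpoint from the linked documentation (assumed to apply to your cloud/tenant).
API_BASE = "https://api.securitycenter.microsoft.com/api/files/"
HEX = re.compile(r"^[0-9a-fA-F]+$")


def classify_hash(value: str) -> str:
    """Return 'md5', 'sha1', 'sha256' or 'invalid' from length and charset."""
    v = value.strip()
    if not HEX.match(v):
        return "invalid"
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(v), "invalid")


def build_url(value: str) -> str:
    """Build the lookup URL; only SHA-1/SHA-256 are usable as the file id (assumed)."""
    kind = classify_hash(value)
    if kind not in ("sha1", "sha256"):
        raise ValueError(f"{value!r}: {kind} is not usable as a file identifier")
    return API_BASE + value.strip().lower()


def interpret_response(status: int, body: str) -> dict:
    """Map HTTP status + JSON body to a verdict.
    200 -> Defender has a record for the hash; 404 -> it has no record of it."""
    if status == 200:
        data = json.loads(body)
        return {
            "known": True,
            "sha256": data.get("sha256"),
            "prevalence": data.get("globalPrevalence"),
            "determination": data.get("determinationType"),
            "detail": data.get("determinationValue"),
        }
    if status == 404:
        return {"known": False, "reason": "no record in Defender file database"}
    # 401/403 usually mean a bad token or missing API permission; surface as-is.
    return {"known": None, "reason": f"unexpected HTTP {status}"}


def lookup(token: str, value: str) -> dict:
    """Query the API for one hash. Network call; not exercised offline."""
    req = urllib.request.Request(
        build_url(value),
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return interpret_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as e:
        return interpret_response(e.code, e.read().decode(errors="replace"))


# Constructed sample shaped like the documented file object (values are made up),
# used to exercise interpret_response() without a tenant.
SAMPLE_BODY = json.dumps({
    "sha256": "aa" * 32,
    "globalPrevalence": 1234,
    "determinationType": "Malware",
    "determinationValue": "Trojan:Win32/Example",
})

if __name__ == "__main__":
    # Usage: MDE_TOKEN=<bearer token> python check_hashes.py <hash> [<hash> ...]
    token = os.environ.get("MDE_TOKEN")
    if not token:
        sys.exit("set MDE_TOKEN to a Defender for Endpoint API bearer token")
    for h in sys.argv[1:]:
        kind = classify_hash(h)
        if kind not in ("sha1", "sha256"):
            print(f"{h}: skipped ({kind}); the endpoint takes SHA-1/SHA-256 ids")
            continue
        print(h, lookup(token, h))
```

A 404 only says the file has never been seen by Defender's file database, not that an endpoint running Defender would fail to block it on execution; for the "did it miss Biglock" question it is still worth pairing this with an advanced hunting query over `DeviceFileEvents` for the same hashes in your own tenant.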