stephen.mccrea@prudential.com
Microsoft Defender API - Live Response Session Logging
Hello, are there any plans to expose the Live Response session data via the API? The data I'd be particularly interested in would be: command logs, who created the session, when the session started, and the duration of the session.

We currently track incident investigation in a third-party tool. If an analyst is required to open a Live Response session as part of remediation efforts, we'd ideally like to pull all resulting command logs into that ticket. This would also be great for longer-term reporting and auditing purposes, e.g. pulling ALL Live Response session data into a log aggregation platform like ELK/QRadar/Splunk etc.

I think it would be a great addition to the other machine actions that are exposed here: https://docs.microsoft.com/en-gb/windows/security/threat-protection/microsoft-defender-atp/machineaction

    Property: type
    Description: Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
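The workflow the post describes for the machine actions that are already exposed (pull the actions from the API, work out who ran them and how long they took, and ship them to a ticket or a SIEM) can be built against the documented machineactions endpoint. The following is an added example, not code from the original post or from Microsoft. It assumes the endpoint https://api.securitycenter.microsoft.com/api/machineactions and the MachineAction properties documented on the linked page (id, type, requestor, status, machineId, computerDnsName, creationDateTimeUtc, lastUpdateDateTimeUtc); the sample response and the bearer token are constructed so the normalization runs offline. If Live Response sessions were ever exposed as a further machine action type, the same filter and normalization would apply by adding that type name.

```python
"""Pull Microsoft Defender for Endpoint machine actions and flatten them into
SIEM/ticket-friendly events.  Added example; not Microsoft's code.

Assumptions: the documented machineactions endpoint and MachineAction field
names listed in the lead-in.  SAMPLE_RESPONSE is constructed test data.
"""
import json
from datetime import datetime, timezone
from typing import Iterable
from urllib.parse import quote
from urllib.request import Request, urlopen

API_BASE = "https://api.securitycenter.microsoft.com/api"


def build_filter_url(since_utc: str, types: Iterable[str]) -> str:
    """OData query for actions created on/after `since_utc` (ISO-8601, Z) whose
    type is one of `types`, e.g. the values from the machineaction docs."""
    type_clause = " or ".join(f"type eq '{t}'" for t in types)
    flt = f"creationDateTimeUtc ge {since_utc} and ({type_clause})"
    return f"{API_BASE}/machineactions?$filter={quote(flt)}"


def fetch_all(url: str, token: str) -> list:
    """Follow @odata.nextLink pagination.  Needs network and a real token;
    not exercised by the offline sample below."""
    actions = []
    while url:
        req = Request(url, headers={"Authorization": f"Bearer {token}",
                                    "Accept": "application/json"})
        with urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        actions.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return actions


def _parse_utc(ts: str) -> datetime:
    # API timestamps carry 7 fractional digits (e.g. 14:01:05.1173312Z), which
    # datetime.fromisoformat rejects on older Pythons; trim/pad to microseconds.
    head, _, frac = ts.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]
    return datetime.strptime(f"{head}.{frac}", "%Y-%m-%dT%H:%M:%S.%f") \
        .replace(tzinfo=timezone.utc)


def normalize(action: dict) -> dict:
    """One MachineAction -> flat event: who, what, which host, start, duration."""
    start = _parse_utc(action["creationDateTimeUtc"])
    end = _parse_utc(action["lastUpdateDateTimeUtc"])
    return {
        "action_id": action["id"],
        "action_type": action["type"],
        "requestor": action.get("requestor"),
        "status": action["status"],
        "machine_id": action["machineId"],
        "host": action.get("computerDnsName"),
        "started_utc": start.isoformat(),
        # lastUpdateDateTimeUtc is the closest documented proxy for "finished".
        "duration_seconds": max(0, int((end - start).total_seconds())),
    }


def select_events(actions: Iterable[dict], types: Iterable[str]) -> list:
    """Normalize only the action types of interest, oldest first."""
    wanted = set(types)
    chosen = [a for a in actions if a["type"] in wanted]
    chosen.sort(key=lambda a: a["creationDateTimeUtc"])
    return [normalize(a) for a in chosen]


def to_siem_lines(events: Iterable[dict]) -> list:
    """One JSON object per line, ready for a HEC/Logstash/QRadar TCP input."""
    return [json.dumps(e, sort_keys=True) for e in events]


# Constructed sample in the shape of a machineactions response (not real data).
SAMPLE_RESPONSE = {
    "value": [
        {"id": "a1", "type": "Isolate", "requestor": "analyst@example.com",
         "status": "Succeeded", "machineId": "m1", "computerDnsName": "ws01.example.com",
         "creationDateTimeUtc": "2020-01-06T14:01:05.1173312Z",
         "lastUpdateDateTimeUtc": "2020-01-06T14:03:20.4000000Z"},
        {"id": "a2", "type": "RunAntiVirusScan", "requestor": "automation@example.com",
         "status": "Succeeded", "machineId": "m2", "computerDnsName": "ws02.example.com",
         "creationDateTimeUtc": "2020-01-06T09:00:00Z",
         "lastUpdateDateTimeUtc": "2020-01-06T09:30:00Z"},
        {"id": "a3", "type": "CollectInvestigationPackage", "requestor": "analyst@example.com",
         "status": "Succeeded", "machineId": "m1", "computerDnsName": "ws01.example.com",
         "creationDateTimeUtc": "2020-01-06T15:10:00Z",
         "lastUpdateDateTimeUtc": "2020-01-06T15:10:42Z"},
    ]
}

if __name__ == "__main__":
    print(build_filter_url("2020-01-01T00:00:00Z", ["Isolate", "CollectInvestigationPackage"]))
    for line in to_siem_lines(select_events(SAMPLE_RESPONSE["value"],
                                            ["Isolate", "CollectInvestigationPackage"])):
        print(line)
```

In production the `SAMPLE_RESPONSE` would be replaced by `fetch_all(build_filter_url(...), token)`, with the token obtained through the app registration the Defender API documentation describes; `duration_seconds` relies on `lastUpdateDateTimeUtc`, so it measures time to the last status change rather than a true session end.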