Microsoft Tech Community
Threat & Vulnerability Management APIs are now generally available
Published Apr 13 2020 11:45 PM
Microsoft

We are excited to announce that Microsoft Defender Advanced Threat Protection (ATP) Threat & Vulnerability Management APIs are now generally available!


Threat & Vulnerability Management APIs can help drive more clarity in your organization with customized views into your security posture and can also help alleviate your security teams’ workload. They do this by automating vulnerability management workflows, from data collection to risk score analysis, and by integrating with your other organizational processes and solutions.


The new Threat & Vulnerability Management APIs are exposed through the standard Azure Active Directory-based authentication and authorization model, which gives developers and Software-as-a-Service (SaaS) application users easy access to robust functionality. See our documentation for available APIs and try them out using the Microsoft Defender ATP API Explorer tool.

 

Now, let’s look at how you can use Threat & Vulnerability Management APIs in your daily security administration work.

 

Create custom interface and reports

With Threat & Vulnerability Management APIs, you can create meaningful reports in an automated fashion while staying flexible in how you use the solution components, such as exposure score, installed software, vulnerabilities, and security recommendations.

 

The custom interface that you’ll create can show just the right amount of information that you need at the right time, giving you a simpler task view or list for your day-to-day work. This can help streamline your user experience according to your organization’s needs.

 

In a previous blog, we walked you through creating custom reports using Microsoft Defender ATP APIs and Power BI. To build on the resources we shared for custom reports on GitHub, you can now also use this Threat & Vulnerability Management dashboard.

 


 

Save time and resources through automation

The APIs are designed for automation-focused security teams: you can identify and expose common, repeatable activities so you can stop worrying about routine tasks and start investing in your greater vulnerability management strategy.

 

Looking for a good place to start? Check out the linked Power Automate flow to automate email notifications on any new vulnerabilities that meet the criteria of your organization.

 

To set this up:

  1. Follow the steps described here and create an app to access Microsoft Defender ATP APIs. Grant the app the Vulnerability.Read.All permission.
  2. Import the TVM_FlowSample.Zip file linked to this blog and add it to your Power Automate environment.
  3. Set the Get vulnerabilities HTTP call with your app details.
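The same three steps as a script, added here as an example and not taken from the linked flow: it requests an app-only token, makes the Get vulnerabilities call, and picks the entries worth an email. The token and API URLs are the ones Microsoft documented for Defender ATP app access at the time; the alert criteria, environment variable names and sample records are assumptions.

```python
import json, os, urllib.parse, urllib.request
from datetime import datetime, timedelta, timezone

RESOURCE = "https://api.securitycenter.windows.com"  # Defender ATP API resource

def get_token(tenant_id, app_id, app_secret):
    """Azure AD client-credentials token for the app created in step 1."""
    form = urllib.parse.urlencode({
        "resource": RESOURCE, "client_id": app_id,
        "client_secret": app_secret, "grant_type": "client_credentials"}).encode()
    url = f"https://login.windows.net/{tenant_id}/oauth2/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]

def get_vulnerabilities(token):
    """The 'Get vulnerabilities' call; the app needs Vulnerability.Read.All."""
    url, found = f"{RESOURCE}/api/vulnerabilities", []
    while url:  # follow OData paging if the response carries a next link
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        found += page["value"]
        url = page.get("@odata.nextLink")
    return found

def select_for_alert(vulns, now, max_age_days=1, severities=("Critical", "High")):
    """Assumed criteria: published recently, severe, on at least one device."""
    cutoff = now - timedelta(days=max_age_days)
    hits = [v for v in vulns
            if datetime.fromisoformat(v["publishedOn"].replace("Z", "+00:00")) >= cutoff
            and v["severity"] in severities and v.get("exposedMachines", 0) > 0]
    return sorted(hits, key=lambda v: v["exposedMachines"], reverse=True)

def email_body(hits):
    return "\n".join(f'{v["id"]} [{v["severity"]}] exposed devices: {v["exposedMachines"]}'
                     for v in hits)

# Constructed sample shaped like the API's "value" array; IDs are placeholders.
SAMPLE = [
    {"id": "CVE-0000-0001", "severity": "Critical", "exposedMachines": 4, "publishedOn": "2020-04-13T00:00:00Z"},
    {"id": "CVE-0000-0002", "severity": "High", "exposedMachines": 0, "publishedOn": "2020-04-13T08:00:00Z"},
    {"id": "CVE-0000-0003", "severity": "High", "exposedMachines": 12, "publishedOn": "2020-04-13T12:00:00Z"},
    {"id": "CVE-0000-0004", "severity": "Critical", "exposedMachines": 30, "publishedOn": "2019-11-12T00:00:00Z"},
    {"id": "CVE-0000-0005", "severity": "Medium", "exposedMachines": 7, "publishedOn": "2020-04-13T12:00:00Z"},
]

if __name__ == "__main__":
    # Read the app secret from the environment; keep it out of scripts and flow exports.
    env = os.environ
    token = get_token(env["TENANT_ID"], env["APP_ID"], env["APP_SECRET"])
    print(email_body(select_for_alert(get_vulnerabilities(token), datetime.now(timezone.utc))))
```

Run on a schedule, the `max_age_days` window should match the schedule interval so each vulnerability is reported once.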

 

Get data visibility across solutions

You can invoke the API to drive data exchange between Microsoft Defender ATP Threat & Vulnerability Management and other solutions in your environment. In addition to ad-hoc integrations, we are constantly working on extending our network of partners.

 

Skybox® Security, a global leader in cybersecurity management, announced its partnership with Microsoft Defender ATP and the Microsoft Intelligent Security Association (MISA). This partnership will strengthen Skybox’s vulnerability detection capabilities with the inclusion of critical data from Threat & Vulnerability Management. It thereby expands Skybox’s vulnerability management for enterprises that continue to deploy workloads across hybrid and cloud network environments. Learn more about the integration here and watch this video for details.

 

If you would like to see additional integrations with Microsoft Defender ATP, go to the Partner Application page in the Microsoft Defender Security Center, and click Recommend other partners.

 

Solutions that can empower your organization

A typical enterprise depends on multiple security systems to operate and to combat advanced cyber adversaries. At Microsoft, we believe that when these solutions work together, you gain greater efficiency, speed, and stronger defenses. Threat & Vulnerability Management APIs can help empower you to deliver greater value to your vulnerability management program.


As always, we welcome and appreciate your feedback.
@Efrat Kliger 

 

Last update: Jul 16 2020 02:13 PM