Defender ATP - API Timeline Query

  • Question

  • Working with a SOAR platform and trying to query a machine's timeline in relation to an alert. We have successfully connected to the API and are able to query general information from the machine, but we are trying to get specific information related to the processes running and whatnot that is shown in the timeline on the GUI (securitycenter) site.

    Can this be done either via API or with the advanced hunting query language?

    Thursday, June 4, 2020 6:19 PM