M365 Defender EDR API

The Microsoft Defender for Endpoint connector enables you to integrate UiPath with Microsoft Defender for Endpoint.

The Microsoft Defender for Endpoint Connector allows you to integrate UiPath workflows with Microsoft Defender for Endpoint. This enables the retrieval of security-related data and the execution of device-level and alert-based actions as part of automated security or IT processes.

With this connector, you can automate tasks such as querying alerts, investigating threat indicators, managing device tags, and triggering antivirus scans - directly within the Defender environment - improving incident response and security operations efficiency.

The Microsoft Defender for Endpoint connector provides the following activities:

1. Get Machine Missing KBs - Retrieves missing KBs (security updates) by device ID. 

2. Get Alert Information - Retrieves specific Alert by its ID. 

3. Get Alert Related Domain Information - Retrieves all domains related to a specific alert. 

4. Get Alert Related Files - Retrieves all files related to a specific alert. 

5. Get Alert Related IP - Retrieves all IPs related to a specific alert. 

6. Get Domain Alerts - Retrieves all alerts related to a specific domain. 

7. Get Domain Related Machines - Retrieves a collection of Machines that have communicated to or from a given domain address. 

8. Get File Information - Retrieves a File by identifier Sha1. 

9. Get File Related Alerts - Retrieves a collection of alerts related to a given file sha1. 

10. Get File Related Machines - Retrieves a collection of Machines related to a given file hash. 

11. Submit Indicator - Submits or Updates new Indicator entity. 

12. Get IP Related Alerts - Retrieves a collection of alerts related to a given IP address. 

13. Get IP Statistics - Retrieves the statistics for the given IP. 

14. Get Machine by ID - Retrieves specific Machine by its device ID. 

15. Get Machine Related Alerts - Retrieves all Alerts related to a specific device. 

16. Get Machine Logon Users - Retrieves a collection of logged on users on a specific device. 

17. Get Security Recommendations - Retrieves a collection of security recommendations related to a given device ID. 

18. Run Antivirus Scan - Initiate Microsoft Defender Antivirus scan on a device. 

19. Get Installed Software - Retrieves a collection of installed software related to a given device ID. 

20. Add Or Remove Tag - Adds or removes a tag for a specific device. 

21. Get Discovered Vulnerabilities - Retrieves a collection of discovered vulnerabilities related to a given device ID.