Aiming to safeguard enterprise users against cyberattacks and security threats, Microsoft has introduced new measures and Threat Protection APIs. Enterprise customers rely on security teams to address various threats, but to achieve this, organizations need to build their own custom automation logic to automate various essential tasks and procedures.
New Microsoft Threat Protection APIs
Microsoft has announced the public preview of its Threat Protection Incident and Hunting APIs. What’s more, Microsoft Threat Protection alerts will be available in the coming days, courtesy of the Microsoft Graph Security API. Thanks to these additions, Microsoft says Threat Protection is now an integration-ready platform.
In its blog post, Microsoft wrote:
“A typical enterprise environment often requires customers to augment security solutions by building their own custom automation logic to automate procedures, integrate data, and orchestrate actions to enable security teams to effectively operate and respond to threats.”
In the Microsoft Threat Protection API model, Microsoft Defender ATP takes a layered API approach to exposing data and capabilities, using standard Azure Active Directory (AAD) based authentication and authorization.
Meanwhile, the newly announced APIs will automate workflows accordingly. For instance, the Incidents API will enable Microsoft Threat Protection to help security teams focus on what’s important. Its primary job is to ensure that the scope of an attack and the assets it impacts are linked together.
The cross-product threat hunting API will help organizations hunt for signs of compromise using their own custom queries.
“We will gradually expand the set of APIs and expanding our ecosystem to fulfill the needs of security operations teams, enabling interoperability with enterprise security applications and automation,” Microsoft added.
Last but not least, the Microsoft Graph Security API offers a programmatic interface that connects multiple Microsoft security solutions. In the coming weeks, the Microsoft Graph Security Alert API will be able to show Microsoft Threat Protection alerts and custom detections created by the customer.