Windows Defender ATP API vs Security Graph API

Will these two merge into one? Or, for more detailed WDATP information, should we code against the WDATP API?

1 Reply
Microsoft Graph Security API enables you to access different entities like alerts, tiIndicators, etc. across multiple security products, including Windows Defender ATP, using a single programmatic interface and unified schema. Considering integrations with multiple products, the goal is to surface entities and information that apply to most of the products so that we can provide enriched correlation capabilities across these different products. Nuanced features like detailed logs, which are product-specific, can be accessed directly by querying the product. Scenario-based guidance on these is detailed in the building connected security solutions developer guide at https://aka.ms/securitydevwhitepaper