ZAP / Automated investigations API

As an MSSP we handle a lot of investigations. Is there a way to handle them through an API?

1 Reply

@KustoKing - thanks for the question! Yes, there are a few ways that we can handle Automated Investigations via API: 

  1. You can see individual AIR investigation details at the Office 365 Management API: Office 365 Management Activity API schema | Microsoft Docs
  2. AIR investigation details are also exposed as a part of the Microsoft 365 Defender Incident API: List incidents API in Microsoft 365 Defender | Microsoft Docs
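
An added example for the second option above (not part of the original reply and not Microsoft's code): it groups the automated investigations referenced in a List incidents response by `investigationState`, so an MSSP can see which ones still need an analyst. It assumes a bearer token obtained elsewhere with permission to read incidents; the `NEEDS_ATTENTION` set and the sample response are choices of this example.

```python
import json
import urllib.request
from collections import defaultdict

# List incidents endpoint of the Microsoft 365 Defender Incident API.
INCIDENTS_URL = "https://api.security.microsoft.com/api/incidents"
# Assumption of this example: the states an analyst should look at first.
NEEDS_ATTENTION = {"PendingApproval", "Failed", "PartiallyRemediated"}


def fetch_incidents(token):
    """Call the List incidents API with a bearer token obtained elsewhere."""
    req = urllib.request.Request(
        INCIDENTS_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def investigations_by_state(response):
    """Map investigationState -> sorted list of (incidentId, investigationId)."""
    seen, by_state = set(), defaultdict(list)
    for incident in response.get("value", []):
        for alert in incident.get("alerts", []):
            inv_id = alert.get("investigationId")
            key = (incident["incidentId"], inv_id)
            if inv_id is None or key in seen:  # no investigation, or already counted
                continue
            seen.add(key)
            by_state[alert.get("investigationState") or "Unknown"].append(key)
    return {state: sorted(keys) for state, keys in by_state.items()}


def triage_queue(response):
    """Flat sorted list of investigations whose state is in NEEDS_ATTENTION."""
    grouped = investigations_by_state(response)
    return sorted(k for s in NEEDS_ATTENTION for k in grouped.get(s, []))


# Constructed sample in the shape of a List incidents response (not real data).
SAMPLE = {"value": [
    {"incidentId": 101, "alerts": [
        {"alertId": "fa1", "investigationId": 7, "investigationState": "PendingApproval"},
        {"alertId": "fa2", "investigationId": 7, "investigationState": "PendingApproval"}]},
    {"incidentId": 102, "alerts": [
        {"alertId": "fa3", "investigationId": 9, "investigationState": "SuccessfullyRemediated"},
        {"alertId": "fa4", "investigationId": None, "investigationState": "UnsupportedAlertType"}]},
]}
```

With a live token, `triage_queue(fetch_incidents(token))` returns the same structure for one tenant; an MSSP would run it once per customer tenant.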