ZAP / Automated investigations API


As an MSSP we handle a lot of investigations; is there a way to handle them through an API?


@KustoKing - thanks for the question! Yes, there are a few ways that we can handle Automated Investigations via API: 

  1. You can see individual AIR investigation details at the Office 365 Management API: Office 365 Management Activity API schema | Microsoft Docs (https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema#automated-investigation-and-response-events-in-office-365)
  2. AIR investigation details are also exposed as a part of the Microsoft 365 Defender Incident API: List incidents API in Microsoft 365 Defender | Microsoft Docs (https://docs.microsoft.com/en-us/microsoft-365/security/defender/api-list-incidents?view=o365-worldwide)
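An added example, not code from this thread or from Microsoft, of the second option above: paging through the Microsoft 365 Defender List incidents API and pulling the AIR investigation state off each alert so an MSSP analyst can see which investigations are still waiting on approval. It assumes the `https://api.security.microsoft.com/api/incidents` endpoint with OData `$filter`/`$top`/`$skip` as in the linked docs, the alert fields `investigationId` and `investigationState` from the incidents response, the state value `PendingApproval` from the investigation state list, and a bearer token obtained out of band (acquisition is not shown). The sample response embedded in the block is constructed, and `demo()` runs the paging loop against it offline.

```python
"""Added example (not from the thread or from Microsoft): list incidents from
Microsoft 365 Defender and summarise the AIR investigation state per alert.

Assumptions: endpoint, OData parameters and alert field names follow the public
List incidents docs; 'PendingApproval' is taken from the documented investigation
states; TOKEN is an OAuth2 bearer token for api.security.microsoft.com obtained
out of band.
"""
import io
import json
import urllib.parse
import urllib.request
from collections import Counter
from datetime import datetime, timedelta, timezone

INCIDENTS_URL = "https://api.security.microsoft.com/api/incidents"  # per docs
PAGE_SIZE = 100  # assumed per-call cap on $top; the loop stops on a short page
EXAMPLE_SINCE = datetime(2021, 5, 1, tzinfo=timezone.utc)  # constructed cut-off

# Constructed sample shaped like one page of the incidents response.
SAMPLE_PAGE = {
    "value": [
        {"incidentId": 1001, "incidentName": "Phish campaign", "severity": "High",
         "alerts": [
             {"alertId": "ab1", "serviceSource": "MicrosoftDefenderForOffice365",
              "investigationId": 501, "investigationState": "PendingApproval"},
             {"alertId": "ab2", "serviceSource": "MicrosoftDefenderForOffice365",
              "investigationId": 502, "investigationState": "SuccessfullyRemediated"},
         ]},
        {"incidentId": 1002, "incidentName": "Suspicious sign-in", "severity": "Medium",
         "alerts": [
             {"alertId": "cd3", "serviceSource": "MicrosoftDefenderForIdentity",
              "investigationId": None, "investigationState": None},
         ]},
    ]
}


def build_url(since: datetime, skip: int = 0, top: int = PAGE_SIZE) -> str:
    """Build one page request for incidents updated since `since` (UTC)."""
    query = {
        "$filter": f"lastUpdateTime ge {since.strftime('%Y-%m-%dT%H:%M:%SZ')}",
        "$top": str(top),
        "$skip": str(skip),
    }
    # quote (not quote_plus) so spaces become %20, which OData filters expect
    return f"{INCIDENTS_URL}?{urllib.parse.urlencode(query, quote_via=urllib.parse.quote)}"


def extract_investigations(payload: dict) -> list:
    """Flatten one page into one row per alert with its AIR investigation state.
    Alerts without an investigation are kept as 'NotApplicable' so coverage gaps
    are visible instead of silently dropped."""
    rows = []
    for incident in payload.get("value", []):
        for alert in incident.get("alerts", []):
            rows.append({
                "incidentId": incident.get("incidentId"),
                "incidentName": incident.get("incidentName"),
                "severity": incident.get("severity"),
                "alertId": alert.get("alertId"),
                "serviceSource": alert.get("serviceSource"),
                "investigationId": alert.get("investigationId"),
                "investigationState": alert.get("investigationState") or "NotApplicable",
            })
    return rows


def summarise_states(rows: list) -> dict:
    """Count alerts per investigation state and surface the ones an analyst
    must act on (pending approval of a remediation action)."""
    counts = Counter(r["investigationState"] for r in rows)
    pending = [r for r in rows if r["investigationState"] == "PendingApproval"]
    return {"counts": dict(counts), "pendingApproval": pending}


def fetch_all_incidents(token: str, since: datetime, opener=urllib.request.urlopen) -> list:
    """Page with $skip until a short page comes back. `opener` is injectable so
    the paging logic can run offline against a fake."""
    rows, skip = [], 0
    while True:
        req = urllib.request.Request(
            build_url(since, skip),
            headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
        )
        with opener(req) as resp:
            payload = json.load(resp)
        rows.extend(extract_investigations(payload))
        if len(payload.get("value", [])) < PAGE_SIZE:
            return rows
        skip += PAGE_SIZE


def demo() -> dict:
    """Offline run: a fake opener serves SAMPLE_PAGE once (a short page), so the
    loop stops after one request; returns the state summary."""
    def fake_opener(req):
        return io.BytesIO(json.dumps(SAMPLE_PAGE).encode())
    since = datetime.now(timezone.utc) - timedelta(days=1)
    return summarise_states(fetch_all_incidents("placeholder-token", since, opener=fake_opener))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To run it against a tenant, replace `"placeholder-token"` with a real bearer token and drop the `opener=` argument so the default `urllib.request.urlopen` is used; the `$filter` on `lastUpdateTime` keeps each poll to incidents changed since the last run rather than re-pulling the whole history.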