Microsoft Defender for Endpoint exposes an API that Wazuh can query to pull alerts and events. The Python scripts in this repository pull events from the supported Defender for Endpoint API queries, and they can be scheduled with a cron job to pull at set intervals.
Endpoint APIs - Access the Microsoft Defender for Endpoint APIs
- Alerts
- Indicators
- Machines
- Domain
- Recommendations
- Exposure Score by Group
- Software
- Machine Vulnerabilities
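As an added example (not the SOCFortress scripts themselves), the following shows the cron-driven alert pull the text describes: an OAuth2 client-credentials token for the Defender for Endpoint API, an OData filter so each run only fetches alerts created since the last checkpoint, and one flattened JSON line per alert for Wazuh to ingest. It assumes an Azure AD app registration holding the Alert.Read.All application permission; the tenant/client ids, secret, file paths and environment variable names are placeholders of this example.

```python
"""Pull new Defender for Endpoint alerts and append them as JSON lines for Wazuh.
Added example, not the SOCFortress scripts. Assumes an app registration with the
Alert.Read.All application permission; ids, secret and paths are placeholders."""
import json, os, urllib.parse, urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ALERTS_URL = "https://api.securitycenter.microsoft.com/api/alerts"
STATE_FILE = os.environ.get("MDE_STATE", "/tmp/mde_alerts.state")  # assumed path
OUT_FILE = os.environ.get("MDE_OUT", "/var/ossec/logs/mde_alerts.json")  # assumed path
KEEP = ("id", "title", "severity", "category", "status", "alertCreationTime",
        "computerDnsName", "machineId", "detectionSource")
ISO = "%Y-%m-%dT%H:%M:%SZ"

def get_token(tenant, client_id, client_secret):
    """Client-credentials grant; the scope names the MDE API, not Microsoft Graph."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "https://api.securitycenter.microsoft.com/.default"}).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant), data=body) as r:
        return json.load(r)["access_token"]

def parse_checkpoint(text):
    """Stored 'YYYY-MM-DDTHH:MM:SS[.fffffff]Z' checkpoint -> aware UTC datetime."""
    return datetime.strptime(text.strip()[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def build_query(since):
    """OData filter so a cron run only pulls alerts created after the previous run."""
    stamp = since.astimezone(timezone.utc).strftime(ISO)
    return "$filter=" + urllib.parse.quote(f"alertCreationTime gt {stamp}")

def fetch_alerts(token, since):
    """One page of alerts (following @odata.nextLink for large result sets is omitted)."""
    req = urllib.request.Request(f"{ALERTS_URL}?{build_query(since)}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as r:
        return json.load(r)["value"]

def to_wazuh_event(alert):
    """Keep only the fields a Wazuh decoder needs, one JSON object per line under 'mde'."""
    return json.dumps({"integration": "mde", "mde": {k: alert.get(k) for k in KEEP}})

def newest_creation_time(alerts, default):
    """Checkpoint for the next run: latest alertCreationTime seen, else the default."""
    stamps = [a["alertCreationTime"] for a in alerts if a.get("alertCreationTime")]
    return max(stamps) if stamps else default

if __name__ == "__main__":
    try:
        since = parse_checkpoint(open(STATE_FILE).read())
    except (OSError, ValueError):  # first run: look back one day
        since = datetime.now(timezone.utc) - timedelta(days=1)
    token = get_token(os.environ["MDE_TENANT"], os.environ["MDE_CLIENT_ID"], os.environ["MDE_SECRET"])
    alerts = fetch_alerts(token, since)
    with open(OUT_FILE, "a") as out:
        out.writelines(to_wazuh_event(a) + "\n" for a in alerts)
    open(STATE_FILE, "w").write(newest_creation_time(alerts, since.strftime(ISO)))
```

Point a Wazuh `<localfile>` with `<log_format>json</log_format>` at the output file so each line becomes an event, and keep the client secret in an environment variable or a root-only file rather than in the script.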
SOCFortress - [email protected]