Image showing security alerts API aggregating alerts from multiple sources for an application

Use one API to access security alerts from Microsoft and partners

Calls to the Security API are federated to all supported Microsoft security products, services, and partners. The results are aggregated in a common schema, making it easier to correlate alerts from multiple sources. By connecting and enriching alerts, you can more easily understand the scope and impact of an attack. When investigating a specific threat, query for all alerts pertaining to specific users, devices, files, or even command lines; or use webhook subscriptions to be notified whenever a new alert matching your search criteria is created or updated.

Image showing an alert update with status, assignment, feedback, and tags.

Update alert tags, status, and assignments

Tag alerts with additional context or threat intelligence to inform response and remediation. Ensure that comments and feedback on alerts are captured for visibility to all workflows. Keep alert status and assignments in sync so that all integrated solutions reflect the current state. Use webhook subscriptions to get notified of changes.
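The two workflows above (scoped alert queries with webhook subscriptions, and alert tag/status/assignment updates) as an added Python example. This is not Microsoft's code or a published sample; it builds the requests against the documented `v1.0/security/alerts` and `v1.0/subscriptions` endpoints and correlates a constructed, offline sample response, without making any network calls. The `any()` lambda filters over `userStates`/`hostStates`, the sample alert values, and the `notification_url`/`client_state` placeholders are assumptions.

```python
"""Added example: correlate federated Graph Security API alerts and build the
query, update and subscription requests the page describes. Offline only."""
from collections import defaultdict
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/v1.0"
VALID_STATUS = {"newAlert", "inProgress", "resolved"}
VALID_FEEDBACK = {"unknown", "truePositive", "falsePositive", "benignPositive"}
SEVERITY_RANK = {"unknown": 0, "informational": 1, "low": 2, "medium": 3, "high": 4}

# Constructed sample of a federated GET /security/alerts response, trimmed to the
# fields used here. Providers, users, hosts and command lines are made up.
SAMPLE_ALERTS = [
    {"id": "a1", "status": "newAlert", "severity": "high",
     "vendorInformation": {"provider": "ProviderOne", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@example.com"}],
     "hostStates": [{"fqdn": "ws01.example.com"}],
     "processes": [{"commandLine": "cmd.exe /c whoami"}]},
    {"id": "a2", "status": "newAlert", "severity": "medium",
     "vendorInformation": {"provider": "ProviderTwo", "vendor": "PartnerCo"},
     "userStates": [{"userPrincipalName": "alice@example.com"}],
     "hostStates": [{"fqdn": "ws01.example.com"}],
     "fileStates": [{"name": "invoice.doc"}]},
    {"id": "a3", "status": "inProgress", "severity": "low",
     "vendorInformation": {"provider": "ProviderOne", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "bob@example.com"}],
     "hostStates": [{"fqdn": "srv02.example.com"}]},
]


def _odata_str(value):
    """Quote an OData string literal, doubling embedded single quotes so user-
    supplied names cannot break out of the $filter expression."""
    return "'" + value.replace("'", "''") + "'"


def alert_filter(user_upn=None, host_fqdn=None, status=None):
    """Build the $filter for alerts about one user and/or host (collection
    filters via any() are assumed to be accepted by the service)."""
    clauses = []
    if user_upn:
        clauses.append(f"userStates/any(u:u/userPrincipalName eq {_odata_str(user_upn)})")
    if host_fqdn:
        clauses.append(f"hostStates/any(h:h/fqdn eq {_odata_str(host_fqdn)})")
    if status:
        clauses.append(f"status eq {_odata_str(status)}")
    return " and ".join(clauses)


def alert_query_url(user_upn=None, host_fqdn=None, status=None, top=50):
    """Full URL for GET /security/alerts with $filter and $top, percent-encoded."""
    params = {"$top": top}
    flt = alert_filter(user_upn, host_fqdn, status)
    if flt:
        params["$filter"] = flt
    return f"{GRAPH}/security/alerts?{urlencode(params, quote_via=quote)}"


def correlate(alerts):
    """Group alerts by (user, host): the same entity seen by several providers
    becomes one investigation lead carrying the union of sources and artifacts."""
    groups = defaultdict(lambda: {"alert_ids": [], "providers": set(),
                                  "max_severity": "unknown",
                                  "command_lines": [], "files": []})
    for a in alerts:
        users = [u.get("userPrincipalName") for u in a.get("userStates", [])] or [None]
        hosts = [h.get("fqdn") for h in a.get("hostStates", [])] or [None]
        for user in users:
            for host in hosts:
                g = groups[(user, host)]
                g["alert_ids"].append(a["id"])
                g["providers"].add(a["vendorInformation"]["provider"])
                sev = a.get("severity", "unknown")
                if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK[g["max_severity"]]:
                    g["max_severity"] = sev
                g["command_lines"] += [p["commandLine"] for p in a.get("processes", [])
                                       if p.get("commandLine")]
                g["files"] += [f["name"] for f in a.get("fileStates", []) if f.get("name")]
    return dict(groups)


def build_update(alert, status=None, assigned_to=None, tags=None, feedback=None, comment=None):
    """(method, url, body) for PATCH /security/alerts/{id}. The v1.0 alert resource
    requires vendorInformation in every PATCH so the update is routed back to the
    originating provider; tags and comments are merged rather than overwritten."""
    if status is not None and status not in VALID_STATUS:
        raise ValueError(f"invalid status {status!r}")
    if feedback is not None and feedback not in VALID_FEEDBACK:
        raise ValueError(f"invalid feedback {feedback!r}")
    vi = alert["vendorInformation"]
    body = {"vendorInformation": {"provider": vi["provider"], "vendor": vi["vendor"]}}
    if status:
        body["status"] = status
    if assigned_to:
        body["assignedTo"] = assigned_to
    if tags is not None:
        body["tags"] = sorted(set(alert.get("tags", [])) | set(tags))
    if feedback:
        body["feedback"] = feedback
    if comment:
        body["comments"] = list(alert.get("comments", [])) + [comment]
    return "PATCH", f"{GRAPH}/security/alerts/{alert['id']}", body


def build_subscription(notification_url, client_state, expires_iso):
    """Body for POST /subscriptions: notify on any alert created or updated.
    notification_url/client_state are caller-supplied placeholders; the receiver
    should reject notifications whose clientState does not match."""
    return "POST", f"{GRAPH}/subscriptions", {
        "changeType": "created,updated",
        "notificationUrl": notification_url,
        "resource": "security/alerts",
        "expirationDateTime": expires_iso,
        "clientState": client_state,
    }


if __name__ == "__main__":
    print(alert_query_url(user_upn="alice@example.com", status="newAlert"))
    for key, g in correlate(SAMPLE_ALERTS).items():
        print(key, g["max_severity"], sorted(g["providers"]), g["alert_ids"])
    print(build_update(SAMPLE_ALERTS[0], status="inProgress",
                       assigned_to="analyst@example.com", tags=["triage"]))
    print(build_subscription("https://hooks.example.com/alerts",  # placeholder
                             "replace-with-random-secret", "2030-01-01T00:00:00Z"))
```

Authenticated calls would send these (method, url, body) triples with a bearer token; the correlation step is what turns three provider-specific alerts into two leads, one of which (alice on ws01) is reported by both a Microsoft and a partner source.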