Microsoft security center api filter not working
Question
I'm attempting to use this URI to find a specific machine ID so then we can query for the most recent logged on user. When I run this I get an output of all the devices in defender. I'm stuck and not sure where to go from here
https://api.securitycenter.microsoft.com/api/machines?$filter=computerDnsName eq 'computer name goes here"
2 answers
solution1
0 2022-03-11 16:53:31
Find the machine id and use this api - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-machine-log-on-users?view=o365-worldwide
https://api.securitycenter.microsoft.com/api/machines/'machine id'/logonuser
solution2
0 2022-03-14 19:59:26
To find the ID based on device name use this API call.
https://api.securitycenter.microsoft.com/api/machines?$filter=computerDnsName eq 'Device Name goes here'. Once you get the device name you can then do the logged on user look up using this.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.