
Microsoft

Microsoft Graph Security API Alerts v2
The Microsoft Graph Security API provides a unified interface to security alerts and incidents from multiple Microsoft security products, including Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel. The v2 alerts schema provides enhanced alert details with standardized evidence entities and MITRE ATT&CK classification.
The API aggregates security signals across email, endpoints, identities, and cloud applications into a unified alert format, enabling integration with third-party security platforms. It provides programmatic access to alerts with rich context including affected entities, evidence artifacts, investigation states, and recommended actions, facilitating cross-platform security operations workflows.
Sophos Products: Sophos MDR/XDR Integrations
Partner Technology: SecOps & Incident Response
Solution Category: Sophos MDR/XDR Integrations