Microsoft Threat Protection (MTP) is a platform that gives organizations cross-domain threat detection and response within their Microsoft 365 environments. It collects raw signals from the individual security products covering endpoints, email, identities and cloud apps, and correlates them to give a complete view of an attack across those domains, so that attacks can be detected, investigated, prevented and responded to efficiently.
Microsoft has announced new APIs for MTP, stating that the platform is now "integration-ready".
The Incidents API exposes comprehensive details about MTP incidents and is a step up from working with individual alerts: related alerts are correlated into a single incident. It lets security teams monitor and analyze the full scope of an attack and the services it touched, including the severity of each alert and the entities (users, devices, mailboxes and so on) involved in it.
The Cross-product threat hunting API gives security professionals query-based access to the raw event data MTP collects across products, so that they can apply their own expertise and existing knowledge to write custom queries (in Kusto Query Language) that detect threats.
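The following is an added example, not code from the article or from Microsoft, of what a cross-product hunting query submitted through that API looks like end to end: it acquires an Azure AD application token, POSTs a KQL query that joins email attachment records with endpoint file events on SHA256, and tabulates which devices each mailed attachment landed on. The endpoint, token scope and response shape (`Schema` plus `Results`) follow Microsoft's published MTP advanced hunting documentation; the environment variable names, the query itself, the hypothetical tenant and the sample response are constructed for illustration.

```python
"""Run a cross-product hunting query against the MTP advanced hunting API.
Added example (not the article's or Microsoft's code). Endpoint, scope and
response shape per Microsoft's MTP API docs; identifiers and sample data are constructed."""
import json
import os
import urllib.parse
import urllib.request

HUNTING_URL = "https://api.security.microsoft.com/api/advancedhunting/run"
TOKEN_SCOPE = "https://api.security.microsoft.com/.default"

# Cross-product query (constructed): attachments delivered by email whose hash
# later appeared on a device, joining the email and endpoint tables on SHA256.
KQL = """
EmailAttachmentInfo
| where Timestamp > ago(7d) and isnotempty(SHA256)
| join kind=inner (
    DeviceFileEvents
    | where Timestamp > ago(7d)
    | project DeviceName, FileName, SHA256, FileSeenAt=Timestamp
  ) on SHA256
| project Timestamp, SenderFromAddress, RecipientEmailAddress, FileName, SHA256, DeviceName, FileSeenAt
""".strip()


def acquire_token(tenant_id, client_id, client_secret):
    """Client-credentials flow against Azure AD for an app registration granted
    the MTP 'AdvancedHunting.Read.All' application permission."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": TOKEN_SCOPE,
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def build_hunting_request(token, kql):
    """Build the POST request for a hunting query; kept separate from the
    network call so the request can be inspected offline."""
    return urllib.request.Request(
        HUNTING_URL,
        data=json.dumps({"Query": kql}).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )


def run_hunting_query(token, kql):
    with urllib.request.urlopen(build_hunting_request(token, kql)) as resp:
        return json.load(resp)


def rows_from_response(payload):
    """The API answers {"Schema": [{"Name", "Type"}, ...], "Results": [{...}, ...]}.
    Return the rows as dicts ordered by the schema, ignoring undeclared columns."""
    columns = [c["Name"] for c in payload["Schema"]]
    return [{name: row.get(name) for name in columns} for row in payload["Results"]]


def devices_per_hash(rows):
    """Collapse rows into {sha256: sorted device names} to show how far each
    mailed attachment spread across the endpoint estate."""
    spread = {}
    for r in rows:
        spread.setdefault(r["SHA256"], set()).add(r["DeviceName"])
    return {h: sorted(d) for h, d in spread.items()}


# Constructed sample response in the documented shape (not real tenant data).
SAMPLE_RESPONSE = {
    "Schema": [{"Name": n, "Type": t} for n, t in (
        ("Timestamp", "DateTime"), ("SenderFromAddress", "String"),
        ("RecipientEmailAddress", "String"), ("FileName", "String"),
        ("SHA256", "String"), ("DeviceName", "String"), ("FileSeenAt", "DateTime"))],
    "Results": [
        {"Timestamp": "2020-04-01T08:00:00Z", "SenderFromAddress": "billing@example.net",
         "RecipientEmailAddress": "alice@contoso.example", "FileName": "invoice.xlsm",
         "SHA256": "a" * 64, "DeviceName": "ws-alice", "FileSeenAt": "2020-04-01T08:05:12Z"},
        {"Timestamp": "2020-04-01T08:00:00Z", "SenderFromAddress": "billing@example.net",
         "RecipientEmailAddress": "bob@contoso.example", "FileName": "invoice.xlsm",
         "SHA256": "a" * 64, "DeviceName": "ws-bob", "FileSeenAt": "2020-04-01T08:09:40Z"},
        {"Timestamp": "2020-04-02T11:30:00Z", "SenderFromAddress": "hr@contoso.example",
         "RecipientEmailAddress": "carol@contoso.example", "FileName": "policy.pdf",
         "SHA256": "b" * 64, "DeviceName": "ws-carol", "FileSeenAt": "2020-04-02T11:31:02Z"},
    ],
}

if __name__ == "__main__":
    # Hypothetical variable names; falls back to the constructed sample when unset.
    creds = [os.environ.get(k) for k in ("MTP_TENANT_ID", "MTP_CLIENT_ID", "MTP_CLIENT_SECRET")]
    payload = run_hunting_query(acquire_token(*creds), KQL) if all(creds) else SAMPLE_RESPONSE
    for sha, devices in devices_per_hash(rows_from_response(payload)).items():
        print(sha[:12], len(devices), "device(s):", ", ".join(devices))
```

The join is the point: neither the email product nor the endpoint product alone can tell you that a particular attachment was both delivered and written to disk, which is what the cross-product datastore makes possible. In production, keep the client secret in a vault rather than an environment variable, and scope the app registration to the read-only hunting permission it needs.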
Microsoft has also announced security information and event management (SIEM) connectors for Splunk Enterprise and Micro Focus ArcSight (a FlexConnector), both now available in preview. The former lets organizations pull MTP security incidents into Splunk Enterprise, while the latter offers the same integration with ArcSight.
Lastly, the firm has stated that MTP alerts will soon be available through the Microsoft Graph Security API. Microsoft says it also plans to add an event streaming interface that will push event data to external destinations, so that security professionals can combine it with other data sources and build custom analytics. The platform's roadmap includes exposing further APIs to meet the needs of security professionals.