Microsoft Defender · JSON-LD Context
Microsoft Defender Context
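JSON-LD context defining the semantic vocabulary for Microsoft Defender. It maps the field names of five record types (Alert, Machine, Vulnerability, AlertComment and AlertEvidence) to schema.org terms and to IRIs under the `defender:` and `security:` namespaces.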
0 Classes
5 Properties
5 Namespaces
Namespaces
defender:
https://learn.microsoft.com/en-us/defender-endpoint/api/
security:
https://schema.org/SecurityEvent/
cve:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=
mitre:
https://attack.mitre.org/techniques/
xsd:
http://www.w3.org/2001/XMLSchema#
Properties
| Property | Type | Container |
|---|---|---|
| Alert | | |
| Machine | | |
| Vulnerability | | |
| AlertComment | | |
| AlertEvidence | | |
JSON-LD Document
{
"@context": {
"@version": 1.1,
"@vocab": "https://schema.org/",
"defender": "https://learn.microsoft.com/en-us/defender-endpoint/api/",
"security": "https://schema.org/SecurityEvent/",
"cve": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=",
"mitre": "https://attack.mitre.org/techniques/",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"Alert": {
"@id": "defender:alerts",
"@context": {
"id": {
"@id": "identifier",
"@type": "xsd:string"
},
"title": {
"@id": "name",
"@type": "xsd:string"
},
"description": {
"@id": "description",
"@type": "xsd:string"
},
"alertCreationTime": {
"@id": "dateCreated",
"@type": "xsd:dateTime"
},
"lastEventTime": {
"@id": "defender:lastEventTime",
"@type": "xsd:dateTime"
},
"firstEventTime": {
"@id": "defender:firstEventTime",
"@type": "xsd:dateTime"
},
"lastUpdateTime": {
"@id": "dateModified",
"@type": "xsd:dateTime"
},
"resolvedTime": {
"@id": "defender:resolvedTime",
"@type": "xsd:dateTime"
},
"incidentId": {
"@id": "defender:incidentId",
"@type": "xsd:integer"
},
"investigationId": {
"@id": "defender:investigationId",
"@type": "xsd:integer"
},
"investigationState": {
"@id": "defender:investigationState",
"@type": "xsd:string"
},
"assignedTo": {
"@id": "defender:assignedTo",
"@type": "xsd:string"
},
"rbacGroupName": {
"@id": "defender:rbacGroupName",
"@type": "xsd:string"
},
"mitreTechniques": {
"@id": "defender:mitreTechniques",
"@container": "@set"
},
"severity": {
"@id": "security:severity",
"@type": "xsd:string"
},
"status": {
"@id": "defender:alertStatus",
"@type": "xsd:string"
},
"classification": {
"@id": "defender:classification",
"@type": "xsd:string"
},
"determination": {
"@id": "defender:determination",
"@type": "xsd:string"
},
"category": {
"@id": "category",
"@type": "xsd:string"
},
"detectionSource": {
"@id": "defender:detectionSource",
"@type": "xsd:string"
},
"threatFamilyName": {
"@id": "defender:threatFamilyName",
"@type": "xsd:string"
},
"threatName": {
"@id": "defender:threatName",
"@type": "xsd:string"
},
"machineId": {
"@id": "defender:machineId",
"@type": "xsd:string"
},
"computerDnsName": {
"@id": "defender:computerDnsName",
"@type": "xsd:string"
},
"aadTenantId": {
"@id": "defender:aadTenantId",
"@type": "xsd:string"
},
"detectorId": {
"@id": "defender:detectorId",
"@type": "xsd:string"
},
"comments": {
"@id": "comment",
"@container": "@set"
},
"evidence": {
"@id": "defender:evidence",
"@container": "@set"
}
}
},
"Machine": {
"@id": "defender:machine",
"@context": {
"id": {
"@id": "identifier",
"@type": "xsd:string"
},
"computerDnsName": {
"@id": "defender:computerDnsName",
"@type": "xsd:string"
},
"firstSeen": {
"@id": "dateCreated",
"@type": "xsd:dateTime"
},
"lastSeen": {
"@id": "dateModified",
"@type": "xsd:dateTime"
},
"osPlatform": {
"@id": "operatingSystem",
"@type": "xsd:string"
},
"onboardingStatus": {
"@id": "defender:onboardingStatus",
"@type": "xsd:string"
},
"version": {
"@id": "softwareVersion",
"@type": "xsd:string"
},
"osBuild": {
"@id": "defender:osBuild",
"@type": "xsd:integer"
},
"lastIpAddress": {
"@id": "defender:lastIpAddress",
"@type": "xsd:string"
},
"lastExternalIpAddress": {
"@id": "defender:lastExternalIpAddress",
"@type": "xsd:string"
},
"healthStatus": {
"@id": "defender:healthStatus",
"@type": "xsd:string"
},
"rbacGroupName": {
"@id": "defender:rbacGroupName",
"@type": "xsd:string"
},
"rbacGroupId": {
"@id": "defender:rbacGroupId",
"@type": "xsd:integer"
},
"riskScore": {
"@id": "defender:riskScore",
"@type": "xsd:string"
},
"aadDeviceId": {
"@id": "defender:aadDeviceId",
"@type": "xsd:string"
},
"machineTags": {
"@id": "keywords",
"@container": "@set"
},
"exposureLevel": {
"@id": "defender:exposureLevel",
"@type": "xsd:string"
},
"deviceValue": {
"@id": "defender:deviceValue",
"@type": "xsd:string"
},
"osArchitecture": {
"@id": "defender:osArchitecture",
"@type": "xsd:string"
}
}
},
"Vulnerability": {
"@id": "defender:vulnerability",
"@context": {
"id": {
"@id": "identifier",
"@type": "xsd:string"
},
"name": {
"@id": "name",
"@type": "xsd:string"
},
"description": {
"@id": "description",
"@type": "xsd:string"
},
"severity": {
"@id": "security:severity",
"@type": "xsd:string"
},
"cvssV3": {
"@id": "defender:cvssV3",
"@type": "xsd:double"
},
"cvssVector": {
"@id": "defender:cvssVector",
"@type": "xsd:string"
},
"exposedMachines": {
"@id": "defender:exposedMachines",
"@type": "xsd:integer"
},
"publishedOn": {
"@id": "datePublished",
"@type": "xsd:dateTime"
},
"updatedOn": {
"@id": "dateModified",
"@type": "xsd:dateTime"
},
"publicExploit": {
"@id": "defender:publicExploit",
"@type": "xsd:boolean"
},
"exploitVerified": {
"@id": "defender:exploitVerified",
"@type": "xsd:boolean"
},
"exploitInKit": {
"@id": "defender:exploitInKit",
"@type": "xsd:boolean"
},
"exploitTypes": {
"@id": "defender:exploitTypes",
"@container": "@set"
},
"exploitUris": {
"@id": "defender:exploitUris",
"@container": "@set",
"@type": "@id"
},
"cveSupportability": {
"@id": "defender:cveSupportability",
"@type": "xsd:string"
},
"epss": {
"@id": "defender:epss",
"@type": "xsd:double"
},
"status": {
"@id": "defender:vulnerabilityStatus",
"@type": "xsd:string"
}
}
},
"AlertComment": {
"@id": "defender:alertComment",
"@context": {
"comment": {
"@id": "text",
"@type": "xsd:string"
},
"createdBy": {
"@id": "author",
"@type": "xsd:string"
},
"createdTime": {
"@id": "dateCreated",
"@type": "xsd:dateTime"
}
}
},
"AlertEvidence": {
"@id": "defender:alertEvidence",
"@context": {
"entityType": {
"@id": "additionalType",
"@type": "xsd:string"
},
"evidenceCreationTime": {
"@id": "dateCreated",
"@type": "xsd:dateTime"
},
"sha1": {
"@id": "defender:sha1",
"@type": "xsd:string"
},
"sha256": {
"@id": "defender:sha256",
"@type": "xsd:string"
},
"fileName": {
"@id": "defender:fileName",
"@type": "xsd:string"
},
"filePath": {
"@id": "defender:filePath",
"@type": "xsd:string"
},
"processId": {
"@id": "defender:processId",
"@type": "xsd:integer"
},
"processCommandLine": {
"@id": "defender:processCommandLine",
"@type": "xsd:string"
},
"processCreationTime": {
"@id": "defender:processCreationTime",
"@type": "xsd:dateTime"
},
"parentProcessId": {
"@id": "defender:parentProcessId",
"@type": "xsd:integer"
},
"parentProcessCreationTime": {
"@id": "defender:parentProcessCreationTime",
"@type": "xsd:dateTime"
},
"parentProcessFileName": {
"@id": "defender:parentProcessFileName",
"@type": "xsd:string"
},
"parentProcessFilePath": {
"@id": "defender:parentProcessFilePath",
"@type": "xsd:string"
},
"ipAddress": {
"@id": "defender:ipAddress",
"@type": "xsd:string"
},
"url": {
"@id": "url",
"@type": "@id"
},
"accountName": {
"@id": "defender:accountName",
"@type": "xsd:string"
},
"domainName": {
"@id": "defender:domainName",
"@type": "xsd:string"
},
"userSid": {
"@id": "defender:userSid",
"@type": "xsd:string"
},
"aadUserId": {
"@id": "defender:aadUserId",
"@type": "xsd:string"
},
"userPrincipalName": {
"@id": "defender:userPrincipalName",
"@type": "xsd:string"
},
"detectionStatus": {
"@id": "defender:detectionStatus",
"@type": "xsd:string"
}
}
}
}
}