Defend API

Base URL: https://api.theonedefend.app

Authentication

Most endpoints require a valid session cookie or integration key. Endpoints marked Public require no authentication.

Endpoints Summary

54 endpoints discovered across 2 function app(s).

Method	Route	Auth
`POST`	`/api/admin/trigger-feature-extraction`	Public
`POST`	`/api/agents/{action}`	Public
`GET`	`/api/alerts/{alertId}`	Public
`PATCH`	`/api/alerts/{alertId}`	Public
`POST`	`/api/alerts/{alertId}/escalate`	Public
`POST`	`/api/alerts/{alertId}/label`	Public
`GET`	`/api/auth/portal-sso`	Public
`POST`	`/api/auth/portal-sso`	Public
`POST`	`/api/compliance/generate`	Public
`GET`	`/api/compliance/reports`	Public
`GET`	`/api/compliance/reports/{id}`	Public
`GET`	`/api/compliance/reports/{id}/download`	Public
`GET`	`/api/defend/crl`	Public
`POST`	`/api/defend/enroll`	Public
`POST`	`/api/defend/tamper`	Public
`GET`	`/api/defend/update/check`	Public
`PATCH`	`/api/devices/{deviceId}/alert-threshold`	Public
`GET`	`/api/devices/{deviceId}/anomaly-history`	Public
`GET`	`/api/devices/{deviceId}/behavioral-profile`	Public
`POST`	`/api/devices/enroll`	Public
`GET`	`/api/healthz`	Public
`POST`	`/api/hunting/query`	Public
`POST`	`/api/hunting/schedules`	Public
`GET`	`/api/hunting/schedules-list`	Public
`DELETE`	`/api/hunting/schedules/{scheduleId}`	Public
`GET`	`/api/hunting/templates`	Public
`GET`	`/api/intel/audit`	Public
`POST`	`/api/intel/contribute`	Public
`GET`	`/api/intel/cross-tenant`	Public
`POST`	`/api/investigation/{alertId}/notes`	Public
`GET`	`/api/investigation/device-timeline`	Public
`GET`	`/api/investigation/lateral-movement`	Public
`GET`	`/api/investigation/process-tree`	Public
`POST`	`/api/m365-webhook`	Public
`GET`	`/api/mitre/coverage`	Public
`GET`	`/api/mitre/detections-by-technique`	Public
`GET`	`/api/ml-deployment/{deploymentId}/correlation`	Public
`GET`	`/api/ml-deployment/current`	Public
`GET`	`/api/ml-deployment/current/ring-health`	Public
`GET`	`/api/ml-deployment/history`	Public
`GET`	`/api/permissions/manifest`	Public
`POST`	`/api/permissions/register`	Public
`GET`	`/api/portal/security-posture`	Public
`GET`	`/api/recovery/{operationId}/report`	Public
`POST`	`/api/recovery/test`	Public
`GET`	`/api/response/actions`	Public
`POST`	`/api/response/actions`	Public
`GET`	`/api/response/actions/{actionId}`	Public
`POST`	`/api/response/actions/{actionId}/approve`	Public
`POST`	`/api/response/actions/{actionId}/cancel`	Public
`GET`	`/api/response/config`	Public
`PATCH`	`/api/response/config`	Public
`GET`	`/api/settings/ml-opt-in`	Public
`PATCH`	`/api/settings/ml-opt-in`	Public

Endpoint Details

Admin

POST/api/admin/trigger-feature-extraction
Create trigger feature extraction
Auth: Public

Agents

POST/api/agents/{action}
Create agents
Auth: Public

Alerts

GET/api/alerts/{alertId}
List or retrieve alerts
Auth: Public

PATCH/api/alerts/{alertId}
Update alerts
Auth: Public

POST/api/alerts/{alertId}/escalate
Create escalate
Auth: Public

POST/api/alerts/{alertId}/label
Create label
Auth: Public

Auth

GET/api/auth/portal-sso
List or retrieve portal sso
Auth: Public

POST/api/auth/portal-sso
Create portal sso
Auth: Public

Compliance

POST/api/compliance/generate
Create generate
Auth: Public

GET/api/compliance/reports
List or retrieve reports
Auth: Public

GET/api/compliance/reports/{id}
List or retrieve reports
Auth: Public

GET/api/compliance/reports/{id}/download
List or retrieve download
Auth: Public

Defend

GET/api/defend/crl
List or retrieve crl
Auth: Public

POST/api/defend/enroll
Create enroll
Auth: Public

POST/api/defend/tamper
Create tamper
Auth: Public

GET/api/defend/update/check
List or retrieve check
Auth: Public

Devices

PATCH/api/devices/{deviceId}/alert-threshold
Update alert threshold
Auth: Public

GET/api/devices/{deviceId}/anomaly-history
List or retrieve anomaly history
Auth: Public

GET/api/devices/{deviceId}/behavioral-profile
List or retrieve behavioral profile
Auth: Public

POST/api/devices/enroll
Create enroll
Auth: Public

Healthz

GET/api/healthz
List or retrieve healthz
Auth: Public

Hunting

POST/api/hunting/query
Create query
Auth: Public

POST/api/hunting/schedules
Create schedules
Auth: Public

GET/api/hunting/schedules-list
List or retrieve schedules list
Auth: Public

DELETE/api/hunting/schedules/{scheduleId}
Delete schedules
Auth: Public

GET/api/hunting/templates
List or retrieve templates
Auth: Public

Intel

GET/api/intel/audit
List or retrieve audit
Auth: Public

POST/api/intel/contribute
Create contribute
Auth: Public

GET/api/intel/cross-tenant
List or retrieve cross tenant
Auth: Public

Investigation

POST/api/investigation/{alertId}/notes
Create notes
Auth: Public

GET/api/investigation/device-timeline
List or retrieve device timeline
Auth: Public

GET/api/investigation/lateral-movement
List or retrieve lateral movement
Auth: Public

GET/api/investigation/process-tree
List or retrieve process tree
Auth: Public

M365 Webhook

POST/api/m365-webhook
Create m365 webhook
Auth: Public

Mitre

GET/api/mitre/coverage
List or retrieve coverage
Auth: Public

GET/api/mitre/detections-by-technique
List or retrieve detections by technique
Auth: Public

Ml Deployment

GET/api/ml-deployment/{deploymentId}/correlation
List or retrieve correlation
Auth: Public

GET/api/ml-deployment/current
List or retrieve current
Auth: Public

GET/api/ml-deployment/current/ring-health
List or retrieve ring health
Auth: Public

GET/api/ml-deployment/history
List or retrieve history
Auth: Public

Permissions

GET/api/permissions/manifest
List or retrieve manifest
Auth: Public

POST/api/permissions/register
Create register
Auth: Public

Portal

GET/api/portal/security-posture
List or retrieve security posture
Auth: Public

Recovery

GET/api/recovery/{operationId}/report
List or retrieve report
Auth: Public

POST/api/recovery/test
Create test
Auth: Public

Response

GET/api/response/actions
List or retrieve actions
Auth: Public

POST/api/response/actions
Create actions
Auth: Public

GET/api/response/actions/{actionId}
List or retrieve actions
Auth: Public

POST/api/response/actions/{actionId}/approve
Create approve
Auth: Public

POST/api/response/actions/{actionId}/cancel
Create cancel
Auth: Public

GET/api/response/config
List or retrieve config
Auth: Public

PATCH/api/response/config
Update config
Auth: Public

Settings

GET/api/settings/ml-opt-in
List or retrieve ml opt in
Auth: Public

PATCH/api/settings/ml-opt-in
Update ml opt in
Auth: Public

note

This reference is auto-generated from source code. Run npx tsx scripts/generate-api-docs.ts from the ops-center repo to refresh.

Authentication​

Endpoints Summary​

Endpoint Details​

Admin​

Agents​

Alerts​

Auth​

Compliance​

Defend​

Devices​

Healthz​

Hunting​

Intel​

Investigation​

M365 Webhook​

Mitre​

Ml Deployment​

Permissions​

Portal​

Recovery​

Response​

Settings​