Field | Value |
---|---|
title | File resource type |
description | Retrieve recent Microsoft Defender for Endpoint alerts related to files. |
ms.service | defender-endpoint |
ms.author | deniseb |
author | denisebmsft |
ms.localizationpriority | medium |
manager | deniseb |
audience | ITPro |
ms.collection | |
ms.topic | reference |
ms.subservice | reference |
ms.custom | api |
search.appverid | met150 |
ms.date | 12/18/2020 |
Represents a file entity in Defender for Endpoint.
Method | Return Type | Description |
---|---|---|
Get file | file | Get a single file |
List file related alerts | alert collection | Get the alert entities that are associated with the file. |
List file related machines | machine collection | Get the machine entities associated with the alert. |
File statistics | Statistics summary | Retrieves the prevalence for the given file. |
Property | Type | Description |
---|---|---|
sha1 | String | SHA-1 hash of the file content |
sha256 | String | SHA-256 hash of the file content |
globalPrevalence | Nullable long | File prevalence across organization |
globalFirstObserved | DateTimeOffset | First time the file was observed |
globalLastObserved | DateTimeOffset | Last time the file was observed |
size | Nullable long | Size of the file |
fileType | String | Type of the file |
isPeFile | Boolean | true if the file is a portable executable (for example, DLL, EXE, etc.) |
filePublisher | String | File publisher |
fileProductName | String | Product name |
signer | String | File signer |
issuer | String | File issuer |
signerHash | String | Hash of the signing certificate |
isValidCertificate | Boolean | Whether the signing certificate was successfully verified by the Microsoft Defender for Endpoint agent |
determinationType | String | The determination type of the file |
determinationValue | String | Determination value |
```json
{
    "sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
    "sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
    "globalPrevalence": 180022,
    "globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
    "globalLastObserved": "2020-01-06T03:59:21.3229314Z",
    "size": 22139496,
    "fileType": "APP",
    "isPeFile": true,
    "filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
    "fileProductName": "EaseUS MobiSaver for Android",
    "signer": "CHENGDU YIWO Tech Development Co., Ltd.",
    "issuer": "VeriSign Class 3 Code Signing 2010 CA",
    "signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
    "isValidCertificate": false,
    "determinationType": "Pua",
    "determinationValue": "PUA:Win32/FusionCore"
}
```
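An added example (not from the Microsoft documentation) showing one way to turn the properties above into triage notes in Python. The `parse_ts` and `triage` helpers, the note strings, the `rare_below` cutoff and the reading of an empty `signer` as "no signer information" are assumptions made for illustration; the code trims the 7-digit fractional seconds seen in the sample timestamps and keeps a null `globalPrevalence` distinct from zero.

```python
import re
from datetime import datetime, timezone

# Fields copied from the sample File entity on this page (other fields omitted).
SAMPLE = {
    "globalPrevalence": 180022,
    "globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
    "globalLastObserved": "2020-01-06T03:59:21.3229314Z",
    "isPeFile": True,
    "signer": "CHENGDU YIWO Tech Development Co., Ltd.",
    "isValidCertificate": False,
    "determinationType": "Pua",
    "determinationValue": "PUA:Win32/FusionCore",
}

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_ts(value):
    """Parse a UTC 'Z' timestamp; the sample has 7 fractional digits, datetime keeps 6."""
    if value is None:
        return None
    m = _TS.match(value)
    if m is None:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    micros = int((m.group(2) or "").ljust(6, "0")[:6])
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def triage(entity, rare_below=100):
    """Return triage notes for one File entity; rare_below is a hypothetical cutoff."""
    notes = []
    if entity.get("determinationType"):  # surfaced for the analyst, not judged here
        notes.append(f"determination={entity['determinationType']}:"
                     f"{entity.get('determinationValue')}")
    if entity.get("isPeFile"):
        if not entity.get("signer"):
            notes.append("pe-no-signer")
        elif entity.get("isValidCertificate") is not True:
            notes.append("pe-signed-certificate-not-verified")
    prevalence = entity.get("globalPrevalence")  # Nullable long: None is not 0
    if prevalence is None:
        notes.append("prevalence-unknown")
    elif prevalence < rare_below:
        notes.append("prevalence-rare")
    first = parse_ts(entity.get("globalFirstObserved"))
    last = parse_ts(entity.get("globalLastObserved"))
    if first and last:
        notes.append(f"observed-span-days={(last - first).days}")
    return notes
```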