npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-msdefender

v1.8.1

Published

Integration with Microsoft Defender API

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

reothorreothor

Keywords

n8n-community-node-package

Readme

n8n-nodes-msdefender

CI

This is an n8n community node. It lets you use Microsoft Defender in your n8n workflows.

Microsoft Defender is a comprehensive security solution that helps protect your devices and data from threats. This node allows you to interact with the Microsoft Defender API to perform various security operations, such as managing devices, retrieving threat intelligence, and more.

For a some background, visit I made a n8n node for Microsoft Defender.

n8n is a fair-code licensed workflow automation platform.

Installation
Operations
Credentials
Compatibility
Usage
Resources
Version history

Installation

Follow the installation guide in the n8n community nodes documentation.

Operations

Defender for Endpoint

  • Advanced Query: Run advanced queries against Microsoft Defender.
  • Alert: Manage and retrieve information about security alerts.
    • Get Many: Retrieve many alerts.
    • Get By ID: Retrieve a specific alert by its ID.
    • Update Alert: Update the properties of a specific alert.
  • Remediation: Manage and retrieve information about remediation activities.
    • Get Remediation Activities: Retrieve all remediation activities.
    • Get Remediation Activity: Retrieve a specific remediation activity by ID.
    • Get Devices By Remediation Activity: Retrieve devices exposed in a specific remediation activity by ID
  • Machine: Manage and retrieve information about devices.
    • Add Or Remove Tag For Machine
    • Find By Tag
    • Get Many: Retrieve many machines.
    • Get Security Recommendations For Machine
    • List Installed Software For Machine
  • Exposure
    • Get Current Exposure Score
    • Get Exposure Score By Machine Groups.
  • Machine Actions
    • Isolate Machine
    • Release Machine from Isolation
    • List Machine Actions
    • Offboard Machine
    • Cancel Machine Action
    • Run Antivirus Scan
  • Vulnerability
    • Get All Vulnerabilities
    • Get Machines By CVE
    • Get By Machine And Software
  • Investigation
    • Get All Investigations
    • Get Investigation By ID
    • Start Investigation on Machine
  • Indicator
    • Get All Indicators
    • Submit Indicator
    • Delete Indicator
  • Recommendation
    • Get Security Recommendations
    • Get Security Recommendation By ID
    • Get Machines By Security Recommendation
    • Get Vulnerabilities By Security Recommendation
    • Get Recommendations By Software
  • Software
    • Get All Software
    • Get Software By ID
    • Get Software Version Distribution
    • Get Machines By Software
    • Get Vulnerabilities By Software
    • Get Missing KBs By Software

Defender XDR

  • Incident: Manage and retrieve information about security incidents.
    • Get Many: Retrieve many incidents.
    • Get By ID: Retrieve a specific incident by its ID.
    • Update Incident: Update the properties of a specific incident.

Triggers

  • Microsoft Defender for Endpoint Trigger
    • Polling trigger for alerts created or updated
  • Microsoft Defender XDR Trigger
    • Polling trigger for incidents created or updated

Credentials

To use this node, you need to set up an Entra ID (Azure AD) application and obtain the necessary credentials to access the Microsoft Defender API.

  1. Register an application in the Azure Portal.
  2. Assign the required API application permissions to the application for Microsoft Defender (WindowsDefenderATP).
    • AdvancedQuery.Read.All
    • Machine.ReadWrite.All
    • Score.Read.All
    • Machine.Isolate
    • Vulnerability.Read.All
    • SecurityRecommendation.Read.All
    • Machine.Scan
    • Machine.Offboard
  3. Assign the required API application permissions to the application for Microsoft Defender XDR (Microsoft Threat Protection).
    • Incidents.ReadWrite.All
  4. Grant admin consent for the permissions.
  5. Generate a client secret for the application.
  6. Note down the Application (client) ID, Directory (tenant) ID, and client secret.

When configuring the Microsoft Defender node in n8n, use the following credentials:

  • Client ID: The Application (client) ID from your Azure AD application.
  • Client Secret: The client secret generated for your Azure AD application.
  • Access Token URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

There are two separate credentials for Microsoft Defender and Microsoft Defender XDR, so be sure to set up both if you plan to use both nodes.

Compatibility

This node is compatible with latest n8n versions.

Usage

Try it out

Resources

Version history

Changelog