Create a security API endpoint for investigations
ATP has been great - it automatically handles a lot of things for us. So I don't need to see all of the alerts that come through every day.
However, I do care about seeing the investigations as they need to happen - perhaps to automate it through flows or PowerApps.
It would be great to have an API endpoint for Investigations. I tried to correlate ThreatManagement alerts to items in the Investigations component, but the IDs don't line up. I don't see any other way to query for those IDs.