Welcome

Microsoft provides APIs for an automation of submitting various security reports. Security Updates Guide is a great place to report Abuse, Penetration Testing activity or submit Service Security Issues.

This project contains sample code and documentation for the Microsoft Engage API (https://portal.msrc.microsoft.com/en-us/engage/cars), including:

1. Abuse reports originating from Microsoft Online Services, such as Microsoft Azure, Bing, Outlook, One Drive, and Office 365. This includes malicious network activity originating from a Microsoft IP addresses.
2. Azure Service customer-driven penetration testing notifications in a derivative of the CARS (Cloud Abuse Reporting Schema) as JSON
3. Microsoft Service Security Issues, such as security misconfigurations, vulnerabilities, and other security related issues.

API Keys

The Security Updates API requires an API key. To obtain an API key please visit the Security Updates Guide. For help using the Security Updates Guide please visit the Security Updates Guide Community Forum. NOTE: Currently generating api keys requires an @outlook.com, @live.com, or @microsoft.com email address. If you do not have one of these email addresses, you can create a personal outlook account to access this service while we investigate this issue.

Change Log

Uploaded C#, Python and Ruby code samples as well as CARS Swagger file.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

It is Microsoft’s mission to empower every person and every organization on the planet to achieve more. We thank you for helping shape that future by keeping the world a more secure place by tooling security into your organization’s practices. We would love to hear your feedback on features to add or bugs to fix.