# ContraForce > ContraForce Knowledge Base ## Docs - [Partner API (Deprecated)](https://docs.contraforce.com/api-reference-hidden/partner-api.md): The legacy Partner API is being sunset. New integrations should use the service-account-based ContraForce API. - [Create Plant](https://docs.contraforce.com/api-reference/endpoint/create.md): Creates a new plant in the store - [Delete Plant](https://docs.contraforce.com/api-reference/endpoint/delete.md): Deletes a single plant based on the ID supplied - [Get Plants](https://docs.contraforce.com/api-reference/endpoint/get.md): Returns all plants from the system that the user has access to - [New Plant](https://docs.contraforce.com/api-reference/endpoint/webhook.md): Information about a new plant added to the store - [Endpoint Reference](https://docs.contraforce.com/api-reference/endpoints.md): Every v2 API endpoint grouped by scope, with full route paths and descriptions. - [Introduction](https://docs.contraforce.com/api-reference/introduction.md): Example section for showcasing API endpoints - [Object Models](https://docs.contraforce.com/api-reference/models.md): Copy-pasteable JSON request and response examples for the ContraForce v2 API. - [After the Breach: A Complete Playbook for Business Recovery and Stakeholder Communication](https://docs.contraforce.com/blog/after-the-breach.md) - [10 Ways ContraForce Uniquely Automates Multi-Tenant Management of Microsoft Sentinel and Defender](https://docs.contraforce.com/blog/agentic-ai/10-ways-multi-tenant-automation.md): Discover the 10 unique ways ContraForce automates multi-tenant management of Microsoft Sentinel and Microsoft Defender for Endpoint. - [How MSSPs Can Implement the New CISA Guidance for SIEM and SOAR](https://docs.contraforce.com/blog/agentic-ai/cisa-siem-soar-guidance.md): Understanding the new CISA guidance for SIEM and SOAR and how MSSPs can implement these recommendations with ContraForce. - [7 Essential Features to Become a Managed Security Service Provider](https://docs.contraforce.com/blog/agentic-ai/mssp-essential-features.md): The 7 essential features and capabilities needed to become a successful managed security service provider. - [Security Delivery Platform: Re-imagining Security Services](https://docs.contraforce.com/blog/agentic-ai/security-delivery-platform-reimagining.md): How Security Delivery Platforms are reimagining managed security services for MSPs and MSSPs. - [The SIEM Vendor Landscape Is Changing. What Does That Mean for MDR Providers?](https://docs.contraforce.com/blog/agentic-ai/siem-vendor-landscape.md): Understanding the evolving SIEM vendor landscape and its implications for MDR providers and managed security services. - [What Are Security Delivery Agents? Understanding Agentic AI in Security Operations](https://docs.contraforce.com/blog/agentic-ai/what-are-security-delivery-agents.md): Security Delivery Agents are autonomous AI agents that investigate and respond to security incidents — not chatbots, not copilots, but agents that take action on your behalf. - [ContraForce Named Security Orchestration Solution of the Year in 2025 CyberSecurity Breakthrough Awards](https://docs.contraforce.com/blog/company/cybersecurity-breakthrough-awards-2025.md): ContraForce has been named Security Orchestration Solution of the Year in the 2025 CyberSecurity Breakthrough Awards program. - [ContraForce's New US Distribution Agreement with Ingram Micro](https://docs.contraforce.com/blog/company/ingram-micro-distribution.md): ContraForce announces a US distribution agreement with Ingram Micro, making it easier for MSPs to access the ContraForce Security Delivery Platform. - [ContraForce Selected for Microsoft for Startups Pegasus Program](https://docs.contraforce.com/blog/company/microsoft-pegasus-program.md): ContraForce has been selected for the Microsoft for Startups Pegasus Program, recognizing our innovative approach to security service delivery. - [ContraForce Recognized as a Microsoft Security Excellence Awards Finalist for Security Software Development Company](https://docs.contraforce.com/blog/company/microsoft-security-excellence-finalist.md): ContraForce has been named a finalist in the Microsoft Security Excellence Awards for Security Software Development Company, recognizing our innovation and customer impact in the security landscape. - [ContraForce Honored as 2024 SC Awards Winner](https://docs.contraforce.com/blog/company/sc-awards-winner-2024.md): ContraForce has been honored as a winner in the 2024 SC Awards, recognizing excellence in cybersecurity solutions. - [ContraForce Completes SOC 2 Type II for the Fourth Time](https://docs.contraforce.com/blog/company/soc-2-type-ii-fourth-time.md): ContraForce has completed SOC 2 Type II certification for the fourth consecutive time, demonstrating ongoing commitment to security and trust. - [The Complete Cyber Insurance Buying Guide: What Every Business Needs to Know Before, During, and After a Policy](https://docs.contraforce.com/blog/complete-cyber-insurance-buying-guide.md) - [How to Build a Cybersecurity Budget and Justify ROI to Your Board](https://docs.contraforce.com/blog/how-to-build-a-cybersecurity-budget.md) - [How to Build Your Cybersecurity Stack: A Vendor-Neutral Guide for Small and Mid-Sized Businesses](https://docs.contraforce.com/blog/how-to-build-your-cybersecurity-stack.md) - [ContraForce Blog](https://docs.contraforce.com/blog/index.md): Insights on agentic AI, security service delivery, and the future of managed security — from the team building the platform. - [5 Ways ContraForce Helps MSPs Reduce Their Customers' Cyber Insurance Costs](https://docs.contraforce.com/blog/outcomes-value/msp-cyber-insurance-costs.md): How MSPs using ContraForce can help their customers qualify for better cyber insurance terms, lower premiums, and improved coverage through measurable security improvements. - [Scaling Security Delivery Without Scaling Headcount](https://docs.contraforce.com/blog/outcomes-value/scale-security-delivery.md): How MSPs and MSSPs use ContraForce to manage more customers, close incidents faster, and deliver consistent security outcomes — without hiring more analysts. - [ContraForce Improves Case Management with Datto Autotask PSA Integration](https://docs.contraforce.com/blog/product-announcements/autotask-psa-integration.md): ContraForce announces integration with Datto Autotask PSA to streamline case management for MSPs. - [A Better Way to Manage Detection Content](https://docs.contraforce.com/blog/product-announcements/detection-content-management.md): ContraForce introduces an improved way to manage detection content across Microsoft Sentinel workspaces with the Content Management System. - [Improve Incident Response Efficacy with ContraForce Gamebook Automation and Mapping](https://docs.contraforce.com/blog/product-announcements/gamebook-automation-mapping.md): ContraForce introduces enhanced Gamebook automation and mapping capabilities to improve incident response efficacy across customer workspaces. - [ContraForce Platform to Be Hosted in More Regions Around the World](https://docs.contraforce.com/blog/product-announcements/global-hosting-regions.md): ContraForce announces expanded global hosting capabilities to support partners and customers worldwide. - [ContraForce Makes Incident Investigation Even Easier for Microsoft Sentinel and Defender for Endpoint](https://docs.contraforce.com/blog/product-announcements/incident-investigation-improvements.md): ContraForce introduces improvements to incident investigation for Microsoft Sentinel and Microsoft Defender for Endpoint incidents. - [Introducing Security Delivery Agents: AI-Powered Incident Response at Scale](https://docs.contraforce.com/blog/product-announcements/security-delivery-agents.md): Security Delivery Agents automate incident investigation and response across multi-tenant environments, enabling MSPs and MSSPs to scale security operations without scaling headcount. - [The ContraForce Security Delivery Platform](https://docs.contraforce.com/blog/product-announcements/security-delivery-platform-launch.md): Introducing the ContraForce Security Delivery Platform — a new operating model for managed security delivery built on Microsoft Azure and AI. - [ContraForce Adds Support for Splunk, CrowdStrike Falcon XDR, and IBM QRadar SIEM](https://docs.contraforce.com/blog/product-announcements/siem-xdr-platform-support.md): ContraForce expands platform support to include Splunk Enterprise Security, CrowdStrike Falcon XDR, and IBM QRadar SIEM. - [Your SOPs Now Power Your Security Delivery Agents](https://docs.contraforce.com/blog/product-announcements/sop-knowledge-base.md): ContraForce launches the SOP Knowledge Base — upload your Standard Operating Procedures and associate them with Security Delivery Agents for policy-driven incident response. - [Microsoft Defender for Endpoint Module](https://docs.contraforce.com/defender-for-endpoint-module.md): Enable endpoint visibility and management in ContraForce by consenting the Microsoft Defender for Endpoint enterprise application. - [Entity Insights](https://docs.contraforce.com/entity-insights.md): Enrich your investigations with detailed entity insights. View sign-in logs, audit trails, threat intelligence, and related incidents for users, devices, IPs, and more. - [Agent Execution History](https://docs.contraforce.com/guides/agent-center/agent-execution-history.md): Monitor and audit Security Delivery Agent activity with a complete history of every execution, including status, token usage, and incident details. - [Defender for Endpoint On-Queue ](https://docs.contraforce.com/guides/agent-center/defender-for-endpoint-on-queue.md): Enable Security Delivery Agents to automatically detect and respond to Microsoft Defender for Endpoint incidents without Sentinel forwarding. - [SOP Knowledge Base](https://docs.contraforce.com/guides/agent-center/sop-knowledge-base.md): Upload, manage, and associate Standard Operating Procedures with AI Agents to ensure consistent, policy-driven incident response. - [ContaForce and Cyber Insurance](https://docs.contraforce.com/guides/contraforce-and-compliance/contraforce-and-cyber-insurance.md) - [ContraForce Success Teams Channel](https://docs.contraforce.com/guides/general-support/contraforce-success-teams-channel.md) - [ContraForce Support SLA Definitions](https://docs.contraforce.com/guides/general-support/contraforce-support-sla-definitions.md): Below are Support SLAs definitions for ticket requests submitted to the ContraForce Support Team. - [ContraForce User Management](https://docs.contraforce.com/guides/general-support/contraforce-user-management.md): Users can be added to the ContraForce Portal. Additionally, ContraForce has built in user roles to further control access. - [Offboarding Procedure](https://docs.contraforce.com/guides/general-support/offboarding-contra-force.md): Complete guide to removing ContraForce resources from your Microsoft Entra directory and Azure subscription. - [User Roles & Permissions](https://docs.contraforce.com/guides/general-support/roles-and-permissions-reference.md): Complete reference for all ContraForce roles including organization-level and workspace-level permissions, use cases, and assignment best practices. - [Service Accounts](https://docs.contraforce.com/guides/general-support/service-accounts.md): Create and manage non-human identities for programmatic access to the ContraForce v2 API, with per-credential API scopes and cross-workspace authorization. - [User Management](https://docs.contraforce.com/guides/general-support/user-group-management.md): Add users to ContraForce, assign roles, and control access permissions across your organization and workspaces. - [Command Dashboard](https://docs.contraforce.com/guides/getting-started/command-dashboard.md): Your central hub for monitoring incidents, managing workspaces, and overseeing security operations across all your Microsoft tenants. - [Configuring Security Delivery Agents](https://docs.contraforce.com/guides/getting-started/configuring-security-delivery-agents.md): Configure and use Security Delivery Agents to automate incident investigation and response through a phased adoption approach. - [Content Management System (CMS)](https://docs.contraforce.com/guides/getting-started/content-management-system.md): Deploy and manage security detection rules across Microsoft Sentinel environments with toggle-based activation—no KQL expertise required. - [ContraForce Workspaces Page](https://docs.contraforce.com/guides/getting-started/contraforce-workspaces-page.md): The ContraForce Workspaces is multi-functional allowing service providers to pre-onboard customers as well as manage customer configurations. - [ContraForce Endpoint Page Overview](https://docs.contraforce.com/guides/getting-started/endpoint-page-overview.md): This article covers the basics of how to use the ContraForce Endpoint page. - [Incident Classifications](https://docs.contraforce.com/guides/getting-started/incident-classifications.md): Learn how to properly classify incidents as True Positive, False Positive, Benign Positive, or undetermined to improve detection accuracy and reporting. - [Incident Management](https://docs.contraforce.com/guides/getting-started/incident-management.md): A complete workflow for triaging, investigating, and resolving security incidents in ContraForce. - [Multi-Tenant Features](https://docs.contraforce.com/guides/getting-started/multi-tenant-features.md): Manage security delivery across all your customers from a single unified platform. Built for MSPs and MSSPs. - [Platform Permissions and Consent](https://docs.contraforce.com/guides/getting-started/platform-permissions-and-consent.md) - [What are Gamebooks?](https://docs.contraforce.com/guides/getting-started/what-are-gamebooks.md): Automate incident response with AI-generated response actions. Gamebooks let you isolate devices, disable users, block IPs, and more—without manual intervention. - [Workbench Overview](https://docs.contraforce.com/guides/getting-started/workbench-overview.md): Create custom incident response workflows with AI-mapped playbooks and one-click actions. Visualize entities, build Gamebooks, and resolve incidents faster. - [Workspace Manager](https://docs.contraforce.com/guides/getting-started/workspace-manager.md): Manage customer tenants, pre-onboard new customers, configure modules, and control workspace settings from one central location. - [Deploying Agent Center](https://docs.contraforce.com/guides/onboarding/agent-center-deployment.md): Deploy Microsoft Foundry infrastructure through ContraForce to enable automated security operations with Security Delivery Agents. - [Content Management System](https://docs.contraforce.com/guides/onboarding/cms-module.md) - [ContraForce Module Overview](https://docs.contraforce.com/guides/onboarding/contraforce-module-overview.md): Users have the option to deploy two different modules when they onboard ContraForce to their environment. This article will cover what is included in each module. - [ContraForce QRadar Onboarding](https://docs.contraforce.com/guides/onboarding/contraforce-qradar-onboarding.md): ContraForce supports QRadar through the deployment of the XDR + SIEM module. This article will cover the pre-requisites of onboarding QRadar to ContraForce. - [ContraForce Defender Module Onboarding Overview](https://docs.contraforce.com/guides/onboarding/contraforce-xdr-module-onboarding-overview.md): This article will provide an overview of the onboarding process for the ContraForce Defender module. - [CrowdStrike Falcon Detection and Response Modules](https://docs.contraforce.com/guides/onboarding/crowdstrike-detection-and-response-modules.md): Connect the CrowdStrike Falcon Detection and Response modules to a ContraForce workspace to ingest alerts and enable endpoint response actions. - [Microsoft Defender for Endpoint Module](https://docs.contraforce.com/guides/onboarding/defender-for-endpoint-module-deployment.md) - [How to integrate Autotask PSA to ContraForce.](https://docs.contraforce.com/guides/onboarding/how-to-integrate-autotask.md): This article outlines the steps required to integrate Autotask PSA with ContraForce. - [Microsoft Sentinel Integration](https://docs.contraforce.com/guides/onboarding/microsoft-sentinel-module.md): Deploy the Microsoft Sentinel module to enable SIEM integration, real-time incident streaming, detection rules via CMS, and advanced threat hunting capabilities. - [ContraForce Platform Notifications](https://docs.contraforce.com/guides/onboarding/notifications-module.md): Configure email notifications for security incidents, Gamebook activity, and system alerts. Customize by severity and workspace. - [Platform Onboarding](https://docs.contraforce.com/guides/onboarding/platform-onboarding.md): Get started with ContraForce by connecting your organization's Microsoft environment. For internal security teams and partners setting up their parent tenant. - [SentinelOne Detection and Response Modules](https://docs.contraforce.com/guides/onboarding/sentinelone-module.md): Connect the SentinelOne Detection and Response modules to a ContraForce workspace to ingest threats and enable endpoint response actions. - [User & Group Management for Partners](https://docs.contraforce.com/guides/onboarding/user-group-management-for-providers.md): Comprehensive guide for MSP/MSSP partners to understand and configure user management, groups, and permissions across parent and child workspaces. - [Workspace Permissions and Consent](https://docs.contraforce.com/guides/onboarding/workspace-onboarding.md): Understanding the Microsoft Entra ID permissions and enterprise applications required for ContraForce workspace deployments. - [Workspace Onboarding Checklist](https://docs.contraforce.com/guides/onboarding/workspace-onboarding-checklist.md) - [Auditing Enterprise App Permissions](https://docs.contraforce.com/guides/technical/auditing-enterprise-app-permissions.md): Independently verify the permissions granted to ContraForce enterprise applications in your Microsoft Entra ID tenant using read-only audit scripts. - [Azure Resources Deployed](https://docs.contraforce.com/guides/technical/azure-resources-deployed.md): Complete reference of all Azure resources, enterprise applications, and role assignments provisioned during ContraForce onboarding. - [ContraForce Partner API Overview](https://docs.contraforce.com/guides/technical/contraforce-api-documentation.md): ContraForce has a publicly available API that can be used for integrations into various platforms. - [Microsoft Defender for Endpoint Enterprise Application](https://docs.contraforce.com/guides/technical/contraforce-defender-for-endpoint-enterprise-application.md): This article provides an overview of the Microsoft Defender for Endpoint enterprise application. - [ContraForce Gamebooks for Identity Enterprise Application](https://docs.contraforce.com/guides/technical/contraforce-gamebooks-for-identity-enterprise-application.md): This article provides an overview of the ContraForce Gamebooks for Identity enterprise application. - [ContraForce Microsoft 365 Response Enterprise Application](https://docs.contraforce.com/guides/technical/contraforce-microsoft-365-response-enterprise-application.md): This article provides an overview of the Microsoft 365 Response enterprise application. - [ContraForce Notification Modules](https://docs.contraforce.com/guides/technical/contraforce-notification-modules.md): This article will provide an overview of the notification capabilities within ContraForce. - [ContraForce Release Notes](https://docs.contraforce.com/guides/technical/contraforce-release-notes.md): With each product release, we document changes to the ContraForce Portal. Product releases can include bug fixes, new features, and performance related improvements. - [ContraForce's Microsoft Sentinel Hunting Enterprise Application](https://docs.contraforce.com/guides/technical/contraforce-sentinel-hunting-enterprise-application.md): This article provides an overview of ContraForce's Microsoft Sentinel Hunting enterprise application. - [Enterprise Applications Reference](https://docs.contraforce.com/guides/technical/enterprise-applications.md): Complete reference for all ContraForce enterprise applications, their permissions, and what each enables in your environment. - [Understanding Events, Alerts, and Incidents](https://docs.contraforce.com/guides/technical/events-vs-alerts-vs-incidents.md): ContraForce ingests data from over 100 available data sources into three classes: events, alerts, and incidents. Each class corresponds with the other and understanding the relationship between each w - [Microsoft Defender Capability Matrix](https://docs.contraforce.com/guides/technical/microsoft-defender-capability-matrix.md): Complete feature reference for ContraForce capabilities with Microsoft Defender products across Business Premium, E3, and E5 licenses. - [Configure Notifications](https://docs.contraforce.com/guides/technical/notifications-configuration.md): Customize email notifications for Microsoft Sentinel incidents by severity and workspace. Configure alerts for your SOC team with per-customer granularity. - [Onboarding Workspaces](https://docs.contraforce.com/onboarding-customer-workspaces.md) - [ContraForce Overview](https://docs.contraforce.com/overview.md): Welcome to the ContraForce documentation. Learn how to streamline your security delivery with AI-powered triage, investigation, and response. - [ContraForce Release Notes](https://docs.contraforce.com/release-notes.md) - [ContraForce Capabilities Matrix](https://docs.contraforce.com/staging/contraforce-capabilities-matrix.md): Complete feature reference for ContraForce capabilities across all supported security integrations — Microsoft Sentinel, Defender for Endpoint, CrowdStrike, SentinelOne, and more. - [Submit a Support Ticket](https://docs.contraforce.com/submit-ticket.md): Open a support request with the ContraForce team and we'll get back to you promptly. ## OpenAPI Specs - [openapi](https://docs.contraforce.com/api-reference/openapi.json) ## Optional - [Overview](https://docs.contraforce.com/overview) - [Release Notes](https://docs.contraforce.com/release-notes) - [API Reference](https://docs.contraforce.com/api-reference-hidden/partner-api)