# Petra Security Docs ## Docs - [Onboard a Tenant](https://docs.petrasecurity.com/add-tenant.md): Two ways to get Microsoft logs flowing into Petra - [Anonymize Incidents](https://docs.petrasecurity.com/anonymize-incidents.md): Show any quickly caught incident as a victory lap, and any Scan finding as a cautionary tale, without exposing your client's data. - [Authentication](https://docs.petrasecurity.com/api-reference/authentication.md): Learn how to authenticate with the Petra Security API - [Get Billable Users](https://docs.petrasecurity.com/api-reference/endpoints/get-billable-users.md): Retrieve the list of billable users for a specific Petra tenant. A user is considered billable if they have non-empty assignedLicenseSkuIds and are not deleted (deletedAt is null). - [Get Failed Attacks](https://docs.petrasecurity.com/api-reference/endpoints/get-failed-attacks.md): Retrieve failed-attack data for a specific tenant. Returns attack counts by country, daily attack breakdowns by type, and the most targeted users for the requested date range. - [Get Incidents](https://docs.petrasecurity.com/api-reference/endpoints/get-incidents.md): Retrieve security incidents ordered by creation date (newest first). - [Get Usage](https://docs.petrasecurity.com/api-reference/endpoints/get-usage.md): Retrieve tenant usage stats, including billable date range and number of licensed users. - [Microsoft 365 Audit Logs](https://docs.petrasecurity.com/audit-logs.md): How Microsoft audit logs work with Petra, how to enable them, and what to expect. - [Changelog](https://docs.petrasecurity.com/changelog.md) - [Autotask PSA Integration](https://docs.petrasecurity.com/integrations/autotask.md): Connect Petra with Autotask PSA for automated ticketing and billing sync. - [ConnectWise PSA Integration](https://docs.petrasecurity.com/integrations/connectwise.md): Connect Petra with ConnectWise PSA (Manage) for automated ticketing and billing sync. - [Custom Webhooks](https://docs.petrasecurity.com/integrations/custom-webhooks.md): Connect any automation tool to Petra and trigger workflows the moment an incident is detected. - [Halo PSA Integration](https://docs.petrasecurity.com/integrations/halo.md): Connect Petra with Halo PSA for automated ticketing and billing sync. - [How did this compromise happen?](https://docs.petrasecurity.com/investigating/how-did-this-compromise-happen.md): How to explain to a client the path an attacker took to compromise their account. - [What activity is coming from outside the US?](https://docs.petrasecurity.com/investigating/investigate-activity-outside-united-states.md): Learn how to monitor and analyze login activity originating from non-US locations - [What emails did the attacker access?](https://docs.petrasecurity.com/investigating/investigate-email-access.md): Determine the full extent of unauthorized access to a compromised account's mailbox. - [Who is attacking my environment? (Failed Attacks)](https://docs.petrasecurity.com/investigating/investigate-failed-attacks.md): Investigate unsuccessful login attempts and attacker behavior - [Who is using a proxy/VPN? Which ones?](https://docs.petrasecurity.com/investigating/investigate-proxy-and-vpn-use.md): Learn how to identify and analyze proxy, VPN, and data center usage in your environment - [What did the attacker do?](https://docs.petrasecurity.com/investigating/investigate-what-the-attacker-did.md): Learn how to view and analyze actions performed by attackers during an account compromise - [Is A User Compromised?](https://docs.petrasecurity.com/is-a-user-compromised.md): How to triage login activity and rule out the common false positives. - [ITDR vs. Email Security](https://docs.petrasecurity.com/itdr-vs-email-security.md): Petra is an identity threat detection tool, not an email security tool. Here is how they differ and why you need both. - [Marketing Hub](https://docs.petrasecurity.com/marketing-hub.md): Downloadable sales materials, presentations, and documentation to help you sell Petra to existing clients and prospects. - [Mid Trial FAQs](https://docs.petrasecurity.com/mid-trial-faqs.md): Frequently asked questions during your Petra trial. - [Microsoft Partner Center](https://docs.petrasecurity.com/partner-center.md): Onboard and manage client tenants in bulk through your Microsoft Partner Center and GDAP relationships. - [Onboarding Configuration](https://docs.petrasecurity.com/petra-active-vs-autopsy.md): What happens when you onboard a tenant to Petra. - [Cross-Tenant Phish Removal](https://docs.petrasecurity.com/remediation/cross-tenant-phish-removal.md): Find and remove a phishing email from every managed tenant by subject. - [Remediate an Account Compromise](https://docs.petrasecurity.com/remediation/how-to-remediate.md): Step-by-step guide for handling and remediating compromised accounts in Petra - [What is Petra Response?](https://docs.petrasecurity.com/remediation/what-is-petra-response.md): Petra's SOC can remediate incidents for you. - [Threat Remediation Report](https://docs.petrasecurity.com/reporting/incident-report.md): White-label PDF report. - [Prospecting Report](https://docs.petrasecurity.com/reporting/prospecting-report.md): A white-labeled PDF that transforms 6 months of Microsoft 365 forensics into a sales-ready document for prospecting and client meetings. - [Tenant Report](https://docs.petrasecurity.com/reporting/tenant-report.md): Everything Petra identifies, including M365 incidents, failed attacks, uncommon activities, and spotlighted investigations can be compiled into a white-labeled PDF report. - [Authentication](https://docs.petrasecurity.com/settings/authentication.md): Control how members sign in to your Petra organization — including allowed login methods, MFA enforcement, Just-in-Time provisioning, and SSO - [Billing & Payment](https://docs.petrasecurity.com/settings/billing.md): Access invoices, manage payment methods, and resolve billing portal login issues. - [Co-Managed Tenants](https://docs.petrasecurity.com/settings/co-managed-tenants.md): Give your clients secure, scoped access to their own tenant in Petra - [How Petra Calculates Billable Licenses](https://docs.petrasecurity.com/settings/licensed-users.md): Which users am I billed for? - [Member Roles and Permissions](https://docs.petrasecurity.com/settings/member-roles-and-permissions.md): Understand the different member roles and permissions in Petra - [Pause or Remove a Tenant](https://docs.petrasecurity.com/settings/offboard-tenant.md): How to pause or offboard a tenant from Petra - [Updating Notification Methods in Petra](https://docs.petrasecurity.com/settings/update-incident-notification-methods.md): Configure how your team receives alerts when incidents occur - [View Tenant Applications](https://docs.petrasecurity.com/settings/view-tenant-applications.md): See all applications registered in a tenant from the Admin panel - [Sign-In Troubleshooting](https://docs.petrasecurity.com/troubleshooting/sign-in.md): Common sign-in issues and how to resolve them - [Welcome to Petra Security](https://docs.petrasecurity.com/welcome.md): Petra Security is a detection and analysis tool for M365 attacks. Teams use Petra to detect and quickly shut down BECs, deeply investigate M365 environments, and prepare active risk assessments. - [What Petra Alerts On](https://docs.petrasecurity.com/what-petra-alerts-on.md): Petra only alerts on real account compromises. Everything else is noise. ## OpenAPI Specs - [openapi](https://docs.petrasecurity.com/api-reference/openapi.json) ## Optional - [Research](https://petrasecurity.substack.com) - [Support](mailto:support@petrasecurity.com)