From 05207554978b7ca295186f41d6fcb0ebeb067930 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Thu, 28 Jan 2021 18:54:48 +0200
Subject: [PATCH] 1
---
 .../exposed-apis-odata-samples.md | 170 ++++++++++++------
 .../get-alert-related-machine-info.md | 47 +++--
 .../get-machine-by-id.md | 38 ++--
 .../microsoft-defender-atp/get-machines.md | 38 ++--
 .../microsoft-defender-atp/machine.md | 4 +-
 5 files changed, 197 insertions(+), 100 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index ab3344e02c..589c3508f8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -221,25 +221,39 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=riskScor
 "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
 "value": [
 {
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 "computerDnsName": "mymachine1.contoso.com",
 "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
 "osPlatform": "Windows10",
- "version": "1709",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
 "healthStatus": "Active",
- "rbacGroupId": 140,
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
 "riskScore": "High",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "ExampleTag" ]
- },
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
+ },
 ...
 ]
 }
@@ -260,25 +274,39 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=healthSt
 "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
 "value": [
 {
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 "computerDnsName": "mymachine1.contoso.com",
 "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
 "osPlatform": "Windows10",
- "version": "1709",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
- "healthStatus": "ImpairedCommunication",
- "rbacGroupId": 140,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
+ "healthStatus": "Active",
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
 "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "ExampleTag" ]
- },
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
+ },
 ...
 ]
 }
@@ -299,25 +327,39 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen
 "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
 "value": [
 {
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 "computerDnsName": "mymachine1.contoso.com",
 "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
 "osPlatform": "Windows10",
- "version": "1709",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
- "healthStatus": "ImpairedCommunication",
- "rbacGroupId": 140,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
+ "healthStatus": "Active",
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
 "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "ExampleTag" ]
- },
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
+ },
 ...
 ]
 }
@@ -384,25 +426,39 @@ json{
 "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
 "value": [
 {
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
- "computerDnsName": "mymachine1.contoso.com",
- "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
- "osPlatform": "Windows10",
- "version": "1709",
- "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
- "healthStatus": "ImpairedCommunication",
- "rbacGroupId": 140,
- "rbacGroupName": "The-A-Team",
- "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "ExampleTag" ]
- },
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "computerDnsName": "mymachine1.contoso.com",
+ "firstSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
+ "osPlatform": "Windows10",
+ "osProcessor": "x64",
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
+ "healthStatus": "Active",
+ "deviceValue": "Normal",
+ "rbacGroupName": "The-A-Team",
+ "riskScore": "Low",
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
+ },
 ...
 ]
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index 60d47669c1..1ee033457d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -90,24 +90,37 @@ Here is an example of the response.
 ```json
 {
- "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
- "computerDnsName": "mymachine1.contoso.com",
- "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
- "osPlatform": "Windows10",
- "version": "1709",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "computerDnsName": "mymachine1.contoso.com",
+ "firstSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
+ "osPlatform": "Windows10",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
- "healthStatus": "Active",
- "rbacGroupId": 140,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
+ "healthStatus": "Active",
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
- "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "test tag 2" ]
+ "riskScore": "Low",
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
 }
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index 0a6ff20f30..c754604e60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -93,25 +93,37 @@ Here is an example of the response.
 ```json
 {
- "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 "computerDnsName": "mymachine1.contoso.com",
 "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
 "osPlatform": "Windows10",
- "version": "1709",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
 "healthStatus": "Active",
- "rbacGroupId": 140,
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
 "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "test tag 2" ]
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
 }
-
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index 42a179a64f..a36163fc75 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -97,25 +97,39 @@ Here is an example of the response.
 "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
 "value": [
 {
- "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+ "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 "computerDnsName": "mymachine1.contoso.com",
 "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2021-01-25T07:27:36.052313Z",
 "osPlatform": "Windows10",
- "version": "1709",
 "osProcessor": "x64",
- "lastIpAddress": "172.17.230.209",
- "lastExternalIpAddress": "167.220.196.71",
- "osBuild": 18209,
+ "version": "1901",
+ "lastIpAddress": "10.166.113.46",
+ "lastExternalIpAddress": "167.220.203.175",
+ "osBuild": 19042,
 "healthStatus": "Active",
- "rbacGroupId": 140,
+ "deviceValue": "Normal",
 "rbacGroupName": "The-A-Team",
 "riskScore": "Low",
- "exposureLevel": "Medium",
- "isAadJoined": true,
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "test tag 2" ]
- }
+ "exposureLevel": "Low",
+ "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+ "machineTags": [
+ "Tag1",
+ "Tag2"
+ ],
+ "ipAddresses": [
+ {
+ "ipAddress": "10.166.113.47",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ },
+ {
+ "ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+ "macAddress": "8CEC4B897E73",
+ "operationalStatus": "Up"
+ }
+ ]
+ },
 ...
 ]
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 896f5ca654..79b6f79c97 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -58,17 +58,19 @@ computerDnsName | String | [machine](machine.md) fully qualified name.
 firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.
 lastSeen | DateTimeOffset |Time and date of the last received full device report. A device typically sends a full report every 24 hours.
 osPlatform | String | Operating system platform.
+osProcessor | String | Operating system processor.
 version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
 lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
 lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
 healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown".
 rbacGroupName | String | Machine group Name.
-rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
 exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.
 exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
+ipAddresses | IpAddress collection | Set of ***IpAddress*** object. See [Get machines API](get-machines.md).
+