Ben Alfasi
2021-01-28 18:54:48 +02:00
parent 7cd95e5ac9
commit 0520755497
5 changed files with 197 additions and 100 deletions


@ -224,21 +224,35 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=riskScor
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"healthStatus": "Active", "healthStatus": "Active",
"rbacGroupId": 140, "deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "High", "riskScore": "High",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "ExampleTag" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
}, },
... ...
] ]
@ -263,21 +277,35 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=healthSt
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"healthStatus": "ImpairedCommunication", "osBuild": 19042,
"rbacGroupId": 140, "healthStatus": "Active",
"deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "ExampleTag" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
}, },
... ...
] ]
@ -302,21 +330,35 @@ HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"healthStatus": "ImpairedCommunication", "osBuild": 19042,
"rbacGroupId": 140, "healthStatus": "Active",
"deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "ExampleTag" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
}, },
... ...
] ]
@ -387,21 +429,35 @@ json{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"healthStatus": "ImpairedCommunication", "osBuild": 19042,
"rbacGroupId": 140, "healthStatus": "Active",
"deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "ExampleTag" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
}, },
... ...
] ]
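Review bot: The second example's new response now reports `"healthStatus": "Active"` where the old side had `"ImpairedCommunication"`, yet its request (header cut off at `$filter=healthSt`) filters on healthStatus. If that filter selects devices that are not Active, as the old value suggests, the sample contradicts its own query and will mislead anyone modelling device-health checks on it; keep `"healthStatus": "ImpairedCommunication",` in that block. The third and fourth examples received the same substitution, which is fine only if their filters do not involve healthStatus. The full request lines lie outside the hunks, so confirm against the file.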


@ -90,24 +90,37 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"healthStatus": "Active", "healthStatus": "Active",
"rbacGroupId": 140, "deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "test tag 2" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
} }
``` ```
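Review bot: The new sample values read like an export from a live device rather than constructed data: `167.220.203.175` and `2a01:110:68:4:59e4:3916:3b3e:4f96` are outside the address ranges reserved for documentation, and `8CEC4B897E73` is not a locally administered MAC. Reference samples should not carry identifiers that could map to a real asset, so I would use constructed values such as `"lastExternalIpAddress": "203.0.113.10",`, `"ipAddress": "2001:db8::10",` and `"macAddress": "020000000001",`. The `aadDeviceId` GUID deserves the same check. The identical block appears in every other example response in this commit, so the replacement applies there too.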


@ -93,25 +93,37 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"healthStatus": "Active", "healthStatus": "Active",
"rbacGroupId": 140, "deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "test tag 2" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
}
]
} }
``` ```


@ -100,22 +100,36 @@ Here is an example of the response.
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2021-01-25T07:27:36.052313Z",
"osPlatform": "Windows10", "osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64", "osProcessor": "x64",
"lastIpAddress": "172.17.230.209", "version": "1901",
"lastExternalIpAddress": "167.220.196.71", "lastIpAddress": "10.166.113.46",
"osBuild": 18209, "lastExternalIpAddress": "167.220.203.175",
"osBuild": 19042,
"healthStatus": "Active", "healthStatus": "Active",
"rbacGroupId": 140, "deviceValue": "Normal",
"rbacGroupName": "The-A-Team", "rbacGroupName": "The-A-Team",
"riskScore": "Low", "riskScore": "Low",
"exposureLevel": "Medium", "exposureLevel": "Low",
"isAadJoined": true, "aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", "machineTags": [
"machineTags": [ "test tag 1", "test tag 2" ] "Tag1",
"Tag2"
],
"ipAddresses": [
{
"ipAddress": "10.166.113.47",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
},
{
"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
"macAddress": "8CEC4B897E73",
"operationalStatus": "Up"
} }
]
},
... ...
] ]
} }


@ -58,17 +58,19 @@ computerDnsName | String | [machine](machine.md) fully qualified name.
firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint. firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.
lastSeen | DateTimeOffset |Time and date of the last received full device report. A device typically sends a full report every 24 hours. lastSeen | DateTimeOffset |Time and date of the last received full device report. A device typically sends a full report every 24 hours.
osPlatform | String | Operating system platform. osPlatform | String | Operating system platform.
osProcessor | String | Operating system processor.
version | String | Operating system Version. version | String | Operating system Version.
osBuild | Nullable long | Operating system build number. osBuild | Nullable long | Operating system build number.
lastIpAddress | String | Last IP on local NIC on the [machine](machine.md). lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet. lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown". healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown".
rbacGroupName | String | Machine group Name. rbacGroupName | String | Machine group Name.
rbacGroupId | Int | Machine group unique ID.
riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'. riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'. exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined). aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
machineTags | String collection | Set of [machine](machine.md) tags. machineTags | String collection | Set of [machine](machine.md) tags.
exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'. exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'. deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
ipAddresses | IpAddress collection | Set of ***IpAddress*** object. See [Get machines API](get-machines.md).