fix oren comments

This commit is contained in:
Zvi Avidor 2018-08-16 10:59:15 +03:00
parent d98bc8fac0
commit 09be5a18a1
10 changed files with 17 additions and 393 deletions

View File

@ -1,103 +0,0 @@
---
title: Block file API
description: Use this API to blocking files from being running in the organization.
keywords: apis, graph api, supported apis, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Block file API
[!include[Prerelease information](prerelease.md)]
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Prevent a file from being executed in the organization using Windows Defender Antivirus.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Create your app](exposed-apis-windows-defender-advanced-threat-protection-new.md#create-an-app)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Threat Intelligence read write'
## HTTP request
```
POST /api/files/{sha1}/block
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
>[!NOTE]
>For better performance, you can use server closer to your geo location:
> - api-us.securitycenter.windows.com
> - api-eu.securitycenter.windows.com
> - api-uk.securitycenter.windows.com
```
POST https://api.securitycenter.windows.com/api/files/7327b54fd718525cbca07dacde913b5ac3c85673/block
Content-type: application/json
{
"Comment": "Block file due to alert 32123"
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "Block",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```
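Review bot: The commit message ("fix oren comments") gives no reason for deleting this whole page, and nothing visible in the commit replaces it. `POST /api/files/{sha1}/block` with the `Ti.ReadWrite` application permission prevents a file from running across the organization, so its reference should not vanish without a stated reason. Say in the commit message whether the endpoint is retired or documented elsewhere, and check that no TOC entry or cross-link still points at this file. If the text is being moved, fix its mismatch first: the Response section promises "200, Ok response code with empty body" while the example response shows `HTTP/1.1 201 Created` with a JSON body.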

View File

@ -1,91 +0,0 @@
---
title: Block file API
description: Use this API to blocking files from being running in the organization.
keywords: apis, graph api, supported apis, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Block file API
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Prevent a file from being executed in the organization using Windows Defender Antivirus.
## Permissions
Users need to have Security administrator or Global admin directory roles.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/block
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block
Content-type: application/json
{
"Comment": "Block file due to alert 32123"
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "Block",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```

View File

@ -1,5 +1,5 @@
--- ---
title: Get alerts API title: List alerts API
description: Retrieves top recent alerts. description: Retrieves top recent alerts.
keywords: apis, graph api, supported apis, get, alerts, recent keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Get alerts API # List alerts API
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]

View File

@ -1,5 +1,5 @@
--- ---
title: Get MachineActions collection API title: List machineActions API
description: Use this API to create calls related to get machineactions collection description: Use this API to create calls related to get machineactions collection
keywords: apis, graph api, supported apis, machineaction collection keywords: apis, graph api, supported apis, machineaction collection
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
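Review bot: The description line is left unchanged while the title becomes "List machineActions API": "Use this API to create calls related to get machineactions collection" still carries the old "get ... collection" wording and a different casing of the resource name. Update it in the same change so it matches the pattern of the machines page ("Retrieves a collection of ..."), and align the keywords entry "machineaction collection" with the new name.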
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Get MachineActions collection API # List machineActions API
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]

View File

@ -1,5 +1,5 @@
--- ---
title: Get machines API title: List machines API
description: Retrieves a collection of recently seen machines. description: Retrieves a collection of recently seen machines.
keywords: apis, graph api, supported apis, get, machines keywords: apis, graph api, supported apis, get, machines
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Get machines API # List machines API
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]

View File

@ -1,7 +1,7 @@
--- ---
title: File resource type title: machine resource type
description: Retrieves top recent alerts. description: Retrieves top machines.
keywords: apis, graph api, supported apis, get, alerts, recent keywords: apis, supported apis, get, machines
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
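Review bot: The new description "Retrieves top machines." describes a list call, not a resource type, and reads as a minimal edit of the copied "Retrieves top recent alerts." text. For a page titled "machine resource type", the description should state what the machine resource represents and leave retrieval wording to the List machines page.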
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Machine resource type # machine resource type
# Methods # Methods

View File

@ -1,7 +1,7 @@
--- ---
title: File resource type title: machineAction resource type
description: Retrieves top recent alerts. description: Retrieves top recent machineActions.
keywords: apis, graph api, supported apis, get, alerts, recent keywords: apis, supported apis, get, machineaction, recent
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Machine Action resource type # MachineAction resource type
Method|Return Type |Description Method|Return Type |Description
:---|:---|:--- :---|:---|:---
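Review bot: The heading becomes "# MachineAction resource type" while the front-matter title set in the previous hunk is "machineAction resource type", so this one file now carries two casings of the same name. The sibling page in this commit lowercases both its title and its heading ("machine resource type"). Pick one convention, preferably the casing the API itself returns, and apply it to title and heading on both pages.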

View File

@ -1,6 +1,6 @@
--- ---
title: Collect investigation package API title: Offboard machine API
description: Use this API to create calls related to the collecting an investigation package from a machine. description: Use this API to offboard a machine from WDATP.
keywords: apis, graph api, supported apis, collect investigation package keywords: apis, graph api, supported apis, collect investigation package
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
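Review bot: The keywords line is unchanged and still reads "collect investigation package", although the title and description now describe offboarding. It looks like a leftover from the page this file was copied from. Replace it with offboarding terms so search does not route collect-package queries to this page. The new description also abbreviates the product as "WDATP", where the other pages in this commit write "Windows Defender ATP"; use the same form here.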
@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017 ms.date: 12/08/2017
--- ---
# Collect investigation package API # Offboard machine API
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]

View File

@ -1,93 +0,0 @@
---
title: Unblock file API
description: Use this API to create calls related to allowing a file to be executed in the organization
keywords: apis, graph api, supported apis, unblock file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Unblock file API
[!include[Prerelease information](prerelease.md)]
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Allow a file to be executed in the organization, using Windows Defender Antivirus.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Create your app](exposed-apis-windows-defender-advanced-threat-protection-new.md#create-an-app)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Threat Intelligence read write'
## HTTP request
```
POST /api/files/{sha1}/unblock
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 Created response code with action details, which indicates that unblock message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
```
POST https://api.securitycenter.windows.com/api/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock
Content-type: application/json
{
"Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm",
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "UnBlock",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```
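Review bot: If this page is being relocated rather than retired, its example should not be carried over as is. The request body ends with a trailing comma after the "Comment" value, which is not valid JSON, and the sample response pairs "actionType": "UnBlock" with "fileStatus": "Blocked", which leaves readers unsure whether the unblock took effect. As with the Block file page, the commit message does not say why the reference for `POST /api/files/{sha1}/unblock` is removed; state whether the endpoint is still supported.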

View File

@ -1,89 +0,0 @@
---
title: Unblock file API
description: Use this API to create calls related to allowing a file to be executed in the organization
keywords: apis, graph api, supported apis, unblock file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Unblock file API
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Allow a file to be executed in the organization, using Windows Defender Antivirus.
## Permissions
Users need to have Security administrator or Global admin directory roles.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/unblock
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
**Request**
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock
Content-type: application/json
{
"Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm",
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673",
"fileIdentifierType": "Sha1",
"actionType": "UnBlock",
"fileStatus": "Blocked",
"creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z",
"requestor": "Analyst@contoso.com ",
"requestorComment": "test",
"cancellationDateTimeUtc": null,
"cancellationRequestor": null,
"cancellationComment": null,
"lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z"
}
```