deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add api calls

Browse Source
This commit is contained in:
jcaparas
2017-08-24 22:13:05 -07:00
parent 3e8a246e6d
commit 0ae24befcf
10 changed files with 777 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,68 @@
---
title: Block file API
description: Use this API to create calls related to blocking files from being executed in the organization.
keywords: apis, graph api, supported apis, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Block file
Prevent a file from being executed in the organization using Windows Defender.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/block
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/7327b54fd718525cbca07dacde913b5ac3c85673/block
Content-type: application/json
{
"Comment": "Block file due to alert 32123"
}
```
Response
Here is an example of the response.
```
HTTP/1.1 200 Ok
```

87
windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,87 @@
---
title: Collect investigation package API
description: Use this API to create calls related to the collecting an investigation package from a machine.
keywords: apis, graph api, supported apis, collect investigation package
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Collect investigation package
Collect investigation package from a machine.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/collectInvestigationPackage
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | Text | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
Content-type: application/json
{
"Comment": "Collect forensics due to alert 1234"
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "CollectInvestigationPackage",
"status": "InProgress",
"error": "Unknown"
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "CollectInvestigationPackage",
"status": "InProgress",
"error": "Unknown"
}
```

83
windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,83 @@
---
title: Isolate machine API
description: Use this API to create calls related isolating a machine.
keywords: apis, graph api, supported apis, isolate machine
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Isolate machine
Isolates a machine from accessing external network.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/isolate
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
IsolationType | IsolationType | Full or selective isolation
**IsolationType** controls the type of isolation to perform and can be one of the following:
- Full Full isolation
- Selective Restrict only limited set of applications from accessing the network
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/isolate
Content-type: application/json
{
"Comment": "Isolate machine due to alert 1234",
“IsolationType”: “Full”
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "Isolate",
"status": "InProgress",
"error": "Unknown"
}
```

78
windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,78 @@
---
title: Request sample API
description: Use this API to create calls related to requesting a sample from a machine.
keywords: apis, graph api, supported apis, request sample
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Request sample
Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/requestSample
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
SHA1 | String | SHA1 of the file to upload to the secure storage. **Required**.
## Response
If successful, this method returns 201, Created response code and *FileMachineAction* object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution
Content-type: application/json
{
"Comment": "Stop and quarantine file on machine due to alert 32123",
“Sha1”: “7327b54fd718525cbca07dacde913b5ac3c85673”
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "RequestSample",
"status": "InProgress",
"error": "Unknown"
}
```

76
windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,76 @@
---
title: Restrict app execution API
description: Use this API to create calls related to restricting an application from executing.
keywords: apis, graph api, supported apis, collect investigation package
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Restrict app execution
Restrict execution of set of predefined applications.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/restrictCodeExecution
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/restrictCodeExecution
Content-type: application/json
{
"Comment": "Restrict code execution due to alert 1234"
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "RestrictExecution",
"status": "InProgress",
"error": "Unknown"
}
```

85
windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,85 @@
---
title: Run antivirus scan API
description: Use this API to create calls related to running an antivirus scan on a machine.
keywords: apis, graph api, supported apis, remove machine from isolation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Run antivirus scan
Initiate Windows Defender Antivirus scan on the machine.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/runAntiVirusScan
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
ScanType| ScanType | Defines the type of the Scan. **Required**.
**ScanType** controls the type of isolation to perform and can be one of the following:
- **Quick** Perform quick scan on the machine
- **Full** Perform full scan on the machine
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/runAntiVirusScan
Content-type: application/json
{
"Comment": "Check machine for viruses due to alert 3212",
“ScanType”: “Full”
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "RunAntiVirusScan",
"status": "InProgress",
"error": "Unknown"
}
```

78
windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,78 @@
---
title: Stop and quarantine file API
description: Use this API to create calls related to stopping and quarantining a file.
keywords: apis, graph api, supported apis, stop, quarantine, file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Stop and quarantine file
Stop execution of a file on a machine and ensure its not executed again on that machine.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/stopAndQuarantineFile
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
SHA1 | String | SHA1 of the file to stop and quarantine on the machine. **Required**.
## Response
If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution
Content-type: application/json
{
"Comment": "Stop and quarantine file on machine due to alert 32123",
“Sha1”: “7327b54fd718525cbca07dacde913b5ac3c85673”
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "StopAndQuarantineFile",
"status": "InProgress",
"error": "Unknown"
}
```

67
windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,67 @@
---
title: Unblock file API
description: Use this API to create calls related to allowing a file to be executed in the organization
keywords: apis, graph api, supported apis, unblock file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Unblock file
Allow a file to be executed in the organization, using Windows Defender.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/files/{sha1}/unblock
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock
Content-type: application/json
{
"Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm",
}
```
Response
Here is an example of the response.
```
HTTP/1.1 200 Ok
```

77
windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,77 @@
---
title: Unisolate machine API
description: Use this API to create calls related to removing a machine from isolation.
keywords: apis, graph api, supported apis, remove machine from isolation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Unisolate machine
Remove machine from isolation.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/unisolate
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unisolate
Content-type: application/json
{
"Comment": "Unisolate machine since it was clean and validated"
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "Unisolate",
"status": "InProgress",
"error": "Unknown"
}
```

78
windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,78 @@
---
title: Remove code execution restriction API
description: Use this API to create calls related to removing a restriction from applications from executing.
keywords: apis, graph api, supported apis, remove machine from isolation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/01.2017
---
# Remove code execution restriction
Remove code execution restriction.
## Permissions
User needs to have “secop” permissions.
## HTTP request
```
POST /testwdatppreview/machines/{id}/unrestrictCodeExecution
```
## Request headers
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Content-Type | application/json
## Request body
In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
## Example
Request
Here is an example of the request.
```
POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution
Content-type: application/json
{
"Comment": "Unrestrict code execution since machine was cleaned and validated"
}
```
Response
Here is an example of the response.
>[!NOTE]
>The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity",
"id": "ac19aae7-4146-4a13-a786-eb43d8557f7c",
"type": "UnrestrictExecution",
"status": "InProgress",
"error": "Unknown"
}
```