From 0d436b7d431ab89b8bba3ff3729c2a42feb68281 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Tue, 27 Nov 2018 14:00:54 +0200 Subject: [PATCH] s --- windows/security/threat-protection/TOC.md | 6 +- .../windows-defender-atp/TOC.md | 6 +- ...defender-advanced-threat-protection-new.md | 42 +++---- .../exposed-apis-odata-samples.md | 118 +++++++++--------- ...defender-advanced-threat-protection-new.md | 37 +++--- ...defender-advanced-threat-protection-new.md | 28 ++--- ...defender-advanced-threat-protection-new.md | 5 +- ...defender-advanced-threat-protection-new.md | 60 +++++---- ...defender-advanced-threat-protection-new.md | 27 ++-- ...defender-advanced-threat-protection-new.md | 20 ++- ...defender-advanced-threat-protection-new.md | 16 +-- ...defender-advanced-threat-protection-new.md | 4 +- ...defender-advanced-threat-protection-new.md | 13 +- ...defender-advanced-threat-protection-new.md | 24 ++-- ...defender-advanced-threat-protection-new.md | 21 ++-- ...defender-advanced-threat-protection-new.md | 17 +-- 16 files changed, 223 insertions(+), 221 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ea1d8e22a6..1c777923ed 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -265,7 +265,7 @@ ######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md) ####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md) -######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md) +######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md) ######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md) ######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) ######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) @@ -274,8 +274,8 @@ ####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md) -######## [List MachineActions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) -######## [Get MachineAction](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md) +######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) +######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md) ######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md) ######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) ######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index f8ba6e6e36..b7634537bd 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -262,7 +262,7 @@ ####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md) ###### [Machine](machine-windows-defender-advanced-threat-protection-new.md) -####### [Get machines](get-machines-windows-defender-advanced-threat-protection-new.md) +####### [List machines](get-machines-windows-defender-advanced-threat-protection-new.md) ####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection-new.md) ####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) ####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) 
@@ -270,8 +270,8 @@ ####### [Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) ###### [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) -####### [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) -####### [Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) +####### [List Machine Actions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) +####### [Get Machine Action](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) ####### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) ####### [Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) ####### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) diff --git a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md index e28bac587b..0fa51e3bfb 100644 --- a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md @@ -15,10 +15,12 @@ ms.date: 12/08/2017 # Add or Remove Machine Tags API +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + [!include[Prerelease information](prerelease.md)] -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Adds or remove tag to a specific machine. ## Permissions 
@@ -68,10 +70,10 @@ Here is an example of a request that adds machine tag. [!include[Improve request performance](improverequestperformance-new.md)] ``` -POST https://api.securitycenter.windows.com/api/machines/863fed4b174465c703c6e412965a31b5e1884cc4/tags +POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags Content-type: application/json { - "Value" : "Test Tag", + "Value" : "test Tag 2", "Action": "Add" } @@ -85,26 +87,24 @@ HTTP/1.1 200 Ok Content-type: application/json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity", - "id": "863fed4b174465c703c6e412965a31b5e1884cc4", - "computerDnsName": "mymachine55.contoso.com", - "firstSeen": "2018-07-31T14:20:55.8223496Z", - "lastSeen": "2018-09-27T08:44:05.6228836Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "lastIpAddress": "10.248.240.38", - "lastExternalIpAddress": "167.220.2.166", - "agentVersion": "10.3720.16299.98", - "osBuild": 16299, + "osVersion": "10.0.0.0", + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [ - "Test Tag" - ], - "rbacGroupId": 75, - "riskScore": "Medium", - "aadDeviceId": null + "rbacGroupId": 140, + "riskScore": "Low", + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ``` -To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body. \ No newline at end of file +- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body. \ No newline at end of file 
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md index e91e3db930..ba26088a19 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md @@ -46,25 +46,22 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "b9d4c51123327fb2a25db29ff1b8f3b64888e7ba", - "computerDnsName": "examples.dev.corp.Contoso.com", - "firstSeen": "2018-03-07T11:19:11.7234147Z", - "lastSeen": "2018-11-15T11:23:38.3196947Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": "10.0.0.0", - "lastIpAddress": "123.17.255.241", - "lastExternalIpAddress": "123.220.196.180", - "agentVersion": "10.6400.18282.1001", - "osBuild": 18282, + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [ - "ExampleTag" - ], - "rbacGroupId": 5, - "rbacGroupName": "Developers", - "riskScore": "North", - "aadDeviceId": null + "rbacGroupId": 140, + "riskScore": "High", + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ] }, . . 
@@ -134,23 +131,22 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "e3a77eeddb83d581238792387b1239b01286b2f", - "computerDnsName": "examples.dev.corp.Contoso.com", - "firstSeen": "2016-11-02T23:26:03.7882168Z", - "lastSeen": "2018-11-12T10:27:08.708723Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": "10.0.0.0", - "lastIpAddress": "123.123.10.33", - "lastExternalIpAddress": "124.124.160.172", - "agentVersion": "10.6300.18279.1001", - "osBuild": 18279, - "healthStatus": "ImpairedCommunication", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 5, - "rbacGroupName": "Developers", + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, "riskScore": "High", - "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a" + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ] }, . . 
@@ -176,23 +172,22 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "1113333ddb83d581238792387b1239b01286b2f", - "computerDnsName": "examples.dev.corp.Contoso.com", - "firstSeen": "2016-11-02T23:26:03.7882168Z", - "lastSeen": "2018-11-12T10:27:08.708723Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": "10.0.0.0", - "lastIpAddress": "123.123.10.33", - "lastExternalIpAddress": "124.124.160.172", - "agentVersion": "10.6300.18279.1001", - "osBuild": 18279, - "healthStatus": "ImpairedCommunication", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 5, - "rbacGroupName": "Developers", - "riskScore": "Medium", - "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a" + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, + "riskScore": "High", + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ] }, . . @@ -206,7 +201,7 @@ Content-type: application/json - Get all the machines that last seen after 2018-10-20 ``` -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-10-20Z +HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z ``` **Response:** 
@@ -218,23 +213,22 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "83113465ffceca4a731234e5dcde3357e026e873", - "computerDnsName": "examples-vm10", - "firstSeen": "2018-11-12T16:07:50.1706168Z", - "lastSeen": "2018-11-12T16:07:50.1706168Z", - "osPlatform": "WindowsServer2019", - "osVersion": null, - "lastIpAddress": "10.123.72.35", - "lastExternalIpAddress": "123.220.2.3", - "agentVersion": "10.6300.18281.1000", - "osBuild": 18281, + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": false, - "machineTags": [], - "rbacGroupId": 5, - "rbacGroupName": "Developers", - "riskScore": "None", - "aadDeviceId": null + "rbacGroupId": 140, + "riskScore": "High", + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ] }, . . diff --git a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md index 495830551e..fc21244a6e 100644 --- a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md 
@@ -15,11 +15,12 @@ ms.date: 12/08/2017 # Find machines by internal IP API -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + - Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp - The given timestamp must be in the past 30 days. @@ -83,22 +84,22 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "863fed4b174465c703c6e412965a31b5e1884cc4", - "computerDnsName": "mymachine33.contoso.com", - "firstSeen": "2018-07-31T14:20:55.8223496Z", - "lastSeen": null, - "osPlatform": "Windows10", - "osVersion": null, - "lastIpAddress": "10.248.240.38", - "lastExternalIpAddress": "167.220.2.166", - "agentVersion": "10.3720.16299.98", - "osBuild": 16299, - "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 75, - "riskScore": "Medium", - "aadDeviceId": null + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-09-22T08:55:03.7791856Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", + "lastIpAddress": "10.248.240.38", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, + "riskScore": "Low", + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ] } 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md index 33075d8e93..cee30245d6 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md @@ -14,12 +14,13 @@ ms.date: 12/08/2017 --- # Get alert related machine information API + **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Retrieves machine that is related to a specific alert. +- Retrieves machine that is related to a specific alert. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) 
@@ -77,22 +78,21 @@ HTTP/1.1 200 OK Content-type: application/json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity", - "id": "ff0c3800ed8d66738a514971cd6867166809369f", - "computerDnsName": "amazingmachine.contoso.com", - "firstSeen": "2017-12-10T07:47:34.4269783Z", - "lastSeen": "2017-12-10T07:47:34.4269783Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", "osVersion": "10.0.0.0", - "systemProductName": null, - "lastIpAddress": "172.17.0.0", - "lastExternalIpAddress": "167.220.0.0", - "agentVersion": "10.5830.17732.1001", - "osBuild": 17732, + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 75, + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": "80fe8ff8-0000-0000-9591-41f0491218f9" + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md index baf2f17c9a..63051a6de3 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md 
@@ -24,7 +24,7 @@ ms.date: 12/08/2017 - Retrieves a collection of Alerts. - Supports [OData V4 queries](https://www.odata.org/documentation/). - The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category". - +- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) @@ -132,3 +132,6 @@ Here is an example of the response. ] } ``` + +## Related topics +- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md index f5ac6e74f8..35230abcc7 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md 
@@ -80,43 +80,41 @@ Content-type: application/json "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "value": [ { - "id": "02ea9a24e8bd39c247ed7ca0edae879c321684e5", - "computerDnsName": "testMachine1", - "firstSeen": "2018-07-30T20:12:00.3708661Z", - "lastSeen": "2018-07-30T20:12:00.3708661Z", + "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, - "lastIpAddress": "10.209.67.177", - "lastExternalIpAddress": "167.220.1.210", - "agentVersion": "10.5830.18208.1000", - "osBuild": 18208, - "healthStatus": "Inactive", - "isAadJoined": false, - "machineTags": [], - "rbacGroupId": 75, + "osVersion": "10.0.0.0", + "lastIpAddress": "172.17.230.209", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] }, { - "id": "02efb9a9b85f07749a018fbf3f962b4700b3b949", - "computerDnsName": "testMachine2", - "firstSeen": "2018-07-30T19:50:47.3618349Z", - "lastSeen": "2018-07-30T19:50:47.3618349Z", + "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", + "computerDnsName": "mymachine2.contoso.com", + "firstSeen": "2018-07-09T13:22:45.1250071Z", + "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, - "lastIpAddress": "10.209.70.231", - "lastExternalIpAddress": "167.220.0.28", - "agentVersion": "10.5830.18208.1000", - "osBuild": 18208, + "osVersion": "10.0.0.0", + "lastIpAddress": "192.168.12.225", + "lastExternalIpAddress": "79.183.65.82", + "agentVersion": "10.5820.17724.1000", + "osBuild": 17724, 
"healthStatus": "Inactive", - "isAadJoined": false, - "machineTags": [], - "rbacGroupId": 75, - "riskScore": "None", - "aadDeviceId": null - } + "rbacGroupId": 140, + "riskScore": "Low", + "isAadJoined": false, + "aadDeviceId": null, + "machineTags": [ "test tag 1" ] + } ] } ``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md index 79aaefa954..75017123a4 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,14 @@ ms.date: 12/08/2017 --- # Get file related machines API + **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Retrieves a collection of machines related to a given file hash. +- Retrieves a collection of machines related to a given file hash. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) 
@@ -83,39 +84,37 @@ Content-type: application/json "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", - "lasttSeen": "2018-07-09T13:22:45.1250071Z", + "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] }, { "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", "computerDnsName": "mymachine2.contoso.com", "firstSeen": "2018-07-09T13:22:45.1250071Z", - "lasttSeen": "2018-07-09T13:22:45.1250071Z", + "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "192.168.12.225", "lastExternalIpAddress": "79.183.65.82", "agentVersion": "10.5820.17724.1000", "osBuild": 17724, "healthStatus": "Inactive", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 140, + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": false, + "aadDeviceId": null, + "machineTags": [ "test tag 1" ] } ] } diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md index 3c68f72daf..f4061af62e 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md 
+++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md @@ -85,18 +85,17 @@ Content-type: application/json "firstSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] }, { "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", @@ -104,18 +103,17 @@ Content-type: application/json "firstSeen": "2018-07-09T13:22:45.1250071Z", "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "192.168.12.225", "lastExternalIpAddress": "79.183.65.82", "agentVersion": "10.5820.17724.1000", "osBuild": 17724, "healthStatus": "Inactive", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 140, + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": false, + "aadDeviceId": null, + "machineTags": [ "test tag 1" ] } ] } diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md index 4211bbbb1f..e29196545f 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md 
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md @@ -15,12 +15,13 @@ ms.date: 12/08/2017 # Get machine by ID API -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Retrieves a machine entity by ID. + +[!include[Prerelease information](prerelease.md)] + +- Retrieves a machine entity by ID. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) @@ -85,18 +86,17 @@ Content-type: application/json "firstSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md index 96a4953581..bfda8dcbcd 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md 
@@ -14,12 +14,14 @@ ms.date: 12/08/2017 --- # Get machineAction API + **Applies to:** + - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Get action performed on a machine. +- Get action performed on a machine. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md index 5a137cb5a8..018818ec82 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md 
@@ -15,14 +15,16 @@ ms.date: 12/08/2017 # List MachineActions API -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Gets collection of actions done on machines. - Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/). +[!include[Prerelease information](prerelease.md)] + +- Gets collection of actions done on machines. +- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/). +- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type" and "CreationDateTimeUtc". +- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) @@ -167,3 +169,6 @@ Content-type: application/json ] } ``` + +## Related topics +- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md index 063919c244..13aadfafc7 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md 
@@ -24,6 +24,7 @@ ms.date: 12/08/2017 - Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days. - Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/). - The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId". +- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) ## Permissions @@ -87,18 +88,17 @@ Content-type: application/json "firstSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] }, { "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", @@ -106,19 +106,21 @@ Content-type: application/json "firstSeen": "2018-07-09T13:22:45.1250071Z", "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "192.168.12.225", "lastExternalIpAddress": "79.183.65.82", "agentVersion": "10.5820.17724.1000", "osBuild": 17724, "healthStatus": "Inactive", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 140, + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": false, + "aadDeviceId": null, + "machineTags": [ "test tag 1" ] } ] } ``` + +## Related topics +- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md index 9e0f217156..873cd7bfe6 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,6 +14,7 @@ ms.date: 12/08/2017 --- # Get user related machines API + **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) @@ -87,18 +88,17 @@ Content-type: application/json "firstSeen": "2018-08-02T14:55:03.7791856Z", "lastSeen": "2018-08-02T14:55:03.7791856Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "172.17.230.209", "lastExternalIpAddress": "167.220.196.71", "agentVersion": "10.5830.18209.1001", "osBuild": 18209, "healthStatus": "Active", - "isAadJoined": true, - "machineTags": [], "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": true, + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] }, { "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7", 
@@ -106,18 +106,17 @@ Content-type: application/json "firstSeen": "2018-07-09T13:22:45.1250071Z", "lastSeen": "2018-07-09T13:22:45.1250071Z", "osPlatform": "Windows10", - "osVersion": null, - "systemProductName": null, + "osVersion": "10.0.0.0", "lastIpAddress": "192.168.12.225", "lastExternalIpAddress": "79.183.65.82", "agentVersion": "10.5820.17724.1000", "osBuild": 17724, "healthStatus": "Inactive", - "isAadJoined": true, - "machineTags": [], - "rbacGroupId": 140, + "rbacGroupId": 140, "riskScore": "Low", - "aadDeviceId": null + "isAadJoined": false, + "aadDeviceId": null, + "machineTags": [ "test tag 1" ] } ] } diff --git a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md index 8c70bf4419..4d6a156ac0 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md 
@@ -35,13 +35,14 @@ firstSeen | DateTimeOffset | First date and time where the [machine](machine-win lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP. osPlatform | String | OS platform. osVersion | String | OS Version. -lastIpAddress | Ip | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md). -lastExternalIpAddress | Ip | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet. +lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md). +lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet. agentVersion | String | Version of WDATP agent. -osBuild | Int | OS build number. +osBuild | Nullable long | OS build number. healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication" -isAadJoined | Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined. -machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags. -rbacGroupId | Int | Group ID. -riskScore | String | Risk score as evaludated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. -aadDeviceId | String | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined). \ No newline at end of file +rbacGroupId | Int | RBAC Group ID. +rbacGroupName | String | RBAC Group Name. +riskScore | Nullable Enum | Risk score as evaluated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. 
+isAadJoined | Nullable Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined. +aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined). +machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags. \ No newline at end of file
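Review bot: In the get-machineaction-object page hunk (@@ -14,12 +14,14 @@), the summary "Get action performed on a machine." becomes a one-item bullet list, which reads oddly directly under the prerelease include. Either keep it as a plain sentence or give it the same companion bullets the collection page gets. The front matter still shows "ms.date: 12/08/2017" although the page content changes here, so consider bumping it in the same commit.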
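Review bot: Naming is inconsistent in the get-machineactions-collection page hunk (@@ -15,14 +15,16 @@): the heading stays "# List MachineActions API", the re-added bullet says "Get MachineAction collection API supports", and the TOC entry in this same patch is renamed to "List Machine Actions". Pick one name and use it in all three places. The new "See examples at" bullet has no trailing period, unlike its siblings, and it links to the same page as the "## Related topics" section added at the end of the file, so one of the two links is probably enough.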
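Review bot: The sample response in the get-machines page hunk (@@ -87,18 +88,17 @@) now carries a concrete "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9" next to the existing routable-looking "lastExternalIpAddress" values. If any of these were copied from a live tenant, replace them with obvious placeholders before publishing: an all-zero style GUID and addresses from the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24). The filterable fields listed above this hunk are PascalCase ("LastSeen", "HealthStatus") while the response properties are camelCase ("lastSeen", "healthStatus"); a sentence on whether $filter names are case-sensitive would save readers a failed query.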
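Review bot: In the second machine object of the get-machines page hunk (@@ -106,19 +106,21 @@), the pair "- "rbacGroupId": 140," / "+ "rbacGroupId": 140," differs only in whitespace, which suggests mixed tabs and spaces inside the JSON block; normalise the indentation so the rendered sample lines up. The sample also omits "rbacGroupName", which the machine resource table in this same patch adds, so either include it in both objects or state in the table that it is not returned by this call.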
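Review bot: The two sample hunks in the get-user-related-machines page (@@ -87,18 +88,17 @@ and @@ -106,18 +106,17 @@) are a line-for-line copy of the get-machines sample, including the whitespace-only "rbacGroupId" change and the concrete "aadDeviceId" GUID. Since these pages already pull shared text with [!include[...]], consider moving the machine sample into one include so the two copies cannot drift, and apply the placeholder and indentation fixes there once.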
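Review bot: The machine resource table hunk (@@ -35,13 +35,14 @@) marks osBuild, riskScore, isAadJoined and aadDeviceId as nullable but never says what null means, and that matters to anyone filtering on these fields: a client that treats a null riskScore as 'None', or a null isAadJoined as false, will misclassify machines. Add a short phrase per row (for example "null when not yet evaluated"), matching the second sample object where "isAadJoined": false sits beside "aadDeviceId": null. Type spelling is also uneven ("Nullable long" in lower case beside "Nullable Boolean", "Nullable Guid", "Int"), "Aad Joined" and "AAD joined" are both used, the healthStatus row lacks a closing period, and the file still ends with "\ No newline at end of file".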