diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md index 77fcc41c80..5a137cb5a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# List machineActions API +# List MachineActions API [!include[Prerelease information](prerelease.md)] @@ -140,7 +140,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/testwdatppreview/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", "value": [ { "id": "69dc3630-1ccc-4342-acf3-35286eec741d", diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md new file mode 100644 index 0000000000..a4dc9a8ac3 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md @@ -0,0 +1,109 @@ +--- +title: List TiIndicators API +description: Use this API to create calls related to get TiIndicators collection +keywords: apis, public api, supported apis, TiIndicators collection +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 12/08/2017 +--- + +# List TiIndicators API + +[!include[Prerelease information](prerelease.md)] + +>[!Note] +> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information) + + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + + Gets collection of Ti Indicators. + Get TiIndicators collection API supports [OData V4 queries](https://www.odata.org/documentation/). + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Ti_ReadWrite | 'Read and write Ti Indicators' + + +## HTTP request +``` +GET https://api.securitycenter.windows.com/api/tiindicators +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200, Ok response code with a collection of [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. + +>[!Note] +> The response will only include Ti Indicators that submitted by the calling Application. + + +## Example + +**Request** + +Here is an example of a request that gets all Ti Indicators + +``` +GET https://api.securitycenter.windows.com/api/tiindicators +``` + +[!include[Improve request performance](improverequestperformance-new.md)] + +**Response** + +Here is an example of the response. + +``` +HTTP/1.1 200 Ok +Content-type: application/json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#TiIndicators", + "value": [ + { + "indicator": "12.13.14.15", + "indicatorType": "IpAddress", + "title": "test", + "creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z", + "createdBy": "45097602-1234-5678-1234-9f453233e62c", + "expirationTime": "2020-12-12T00:00:00Z", + "action": "AlertAndBlock", + "severity": "Informational", + "description": "test", + "recommendedActions": "test" + }, + { + "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f", + "indicatorType": "FileSha1", + "title": "test", + "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z", + "createdBy": "45097602-1234-5678-1234-9f453233e62c", + "expirationTime": "2020-12-12T00:00:00Z", + "action": "AlertAndBlock", + "severity": "Informational", + "description": "test", + "recommendedActions": "TEST" + } + ] +} +``` diff --git a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md new file mode 100644 index 0000000000..e3cc47f323 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md @@ -0,0 +1,41 @@ +--- +title: TiIndicator resource type +description: TiIndicator entity description. +keywords: apis, supported apis, get, TiIndicator, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 12/08/2017 +--- + +# TiIndicator resource type + +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Method|Return Type |Description +:---|:---|:--- +[List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | List [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. + +# Properties +Property | Type | Description +:---|:---|:--- +indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url" +title | String | Ti indicator title. +creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created. +createdBy | String | Identity of the user/application that created the indicator. +expirationTime | DateTimeOffset | The expiration time of the indicator +action | Enum | The action that will be taken when the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed" +severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High" +description | String | Description of the indicator. +recommendedActions | String | Recommended actions for the indicator. + +