s

windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md

@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 ms.date: 12/08/2017
 ---
 
-# List machineActions API
+# List MachineActions API
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -140,7 +140,7 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/testwdatppreview/$metadata#MachineActions",
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
     "value": [
         {
             "id": "69dc3630-1ccc-4342-acf3-35286eec741d",

windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md

@@ -0,0 +1,109 @@
+---
+title: List TiIndicators API
+description: Use this API to create calls related to get TiIndicators collection
+keywords: apis, public api, supported apis, TiIndicators collection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# List TiIndicators API
+
+[!include[Prerelease information](prerelease.md)]
+
+>[!Note]
+> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information)
+
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+ Gets collection of Ti Indicators.
+ Get TiIndicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Ti_ReadWrite |	'Read and write Ti Indicators'
+
+
+## HTTP request
+```
+GET https://api.securitycenter.windows.com/api/tiindicators
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200, Ok response code with a collection of [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+
+>[!Note]
+> The response will only include Ti Indicators that submitted by the calling Application. 
+
+
+## Example
+
+**Request**
+
+Here is an example of a request that gets all Ti Indicators
+
+```
+GET https://api.securitycenter.windows.com/api/tiindicators
+```
+
+[!include[Improve request performance](improverequestperformance-new.md)]
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#TiIndicators",
+    "value": [
+        {
+            "indicator": "12.13.14.15",
+            "indicatorType": "IpAddress",
+            "title": "test",
+            "creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z",
+            "createdBy": "45097602-1234-5678-1234-9f453233e62c",
+            "expirationTime": "2020-12-12T00:00:00Z",
+            "action": "AlertAndBlock",
+            "severity": "Informational",
+            "description": "test",
+            "recommendedActions": "test"
+        },
+        {
+            "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+            "indicatorType": "FileSha1",
+            "title": "test",
+            "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
+            "createdBy": "45097602-1234-5678-1234-9f453233e62c",
+            "expirationTime": "2020-12-12T00:00:00Z",
+            "action": "AlertAndBlock",
+            "severity": "Informational",
+            "description": "test",
+            "recommendedActions": "TEST"
+        }
+    ]
+}
+```

windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md

@@ -0,0 +1,41 @@
+---
+title: TiIndicator resource type
+description: TiIndicator entity description.
+keywords: apis, supported apis, get, TiIndicator, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# TiIndicator resource type
+
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Method|Return Type |Description
+:---|:---|:---
+[List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | List [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+
+# Properties
+Property |	Type	|	Description
+:---|:---|:---
+indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
+title | String | Ti indicator title.
+creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
+createdBy | String | Identity of the user/application that created the indicator.
+expirationTime | DateTimeOffset | The expiration time of the indicator
+action | Enum | The action that will be taken when the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed"
+severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High"
+description | String | Description of the indicator.
+recommendedActions | String | Recommended actions for the indicator.
+
+