From d71cca8254f6be86ec1e5a612362708ade1848db Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor
Date: Tue, 7 Jan 2020 14:04:33 -0800
Subject: [PATCH 01/48] Added new TVM API topics

---
 .../get-all-recommendations.md | 104 ++++++++++++++++++
 .../get-all-vulnerabilities.md | 92 ++++++++++++++++
 .../get-machines-by-software.md | 89 +++++++++++++++
 .../get-machines-by-vulnerability.md | 88 +++++++++++++++
 .../get-recommendation-by-id.md | 93 ++++++++++++++++
 .../get-recommendation-machines.md | 81 ++++++++++++++
 .../get-recommendation-software.md | 81 ++++++++++++++
 .../get-recommendation-vulnerabilities.md | 90 +++++++++++++++
 .../get-software-by-id.md | 83 ++++++++++++++
 .../get-software-ver-distribution.md | 86 +++++++++++++++
 .../microsoft-defender-atp/get-software.md | 84 ++++++++++++++
 .../get-vuln-by-software.md | 93 ++++++++++++++++
 .../get-vulnerability-by-id.md | 86 +++++++++++++++
 13 files changed, 1150 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
 create mode 100644
windows/security/threat-protection/microsoft-defender-atp/get-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md new file mode 100644 index 0000000000..34c6863e7d --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md 
@@ -0,0 +1,104 @@ +--- +title: List all recommendations +description: Retrieves a list of all security recommendations affecting the organization. +keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List all recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all security recommendations affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations +``` + +**Response** + +Here is an example of the response. 
+ + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-microsoft-_-windows_10", + "productName": "windows_10", + "recommendationName": "Update Windows 10", + "weaknesses": 397, + "vendor": "microsoft", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": true, + "activeAlert": false, + "associatedThreats": [ + "3098b8ef-23b1-46b3-aed4-499e1928f9ed", + "40c189d5-0330-4654-a816-e48c2b7f9c4b", + "4b0c9702-9b6c-4ca2-9d02-1556869f56f8", + "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d", + "94b6e94b-0c1d-4817-ac06-c3b8639be3ab" + ], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 7.674418604651163, + "totalMachineCount": 37, + "exposedMachinesCount": 7, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Windows 10" + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md new file mode 100644 index 0000000000..01869cd89b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md 
@@ -0,0 +1,92 @@ +--- +title: Get all vulnerabilities +description: Retrieves a list of all the vulnerabilities affecting the organization +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get all vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all the vulnerabilities affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of vulnerabilities in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities +``` + +**Response** + +Here is an example of the response. 
+ + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "value": [ + { + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + { +.. +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md new file mode 100644 index 0000000000..dd922cae08 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md 
@@ -0,0 +1,89 @@ +--- +title: List machines by software +description: Retrieve a list of machines that has this software installed. +keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of machines that has this software installed + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/machineReferences +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK and a list of machines with the software installed in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +``` + +**Response** + +Here is an example of the response. 
+ +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", + "computerDnsName": "dave_desktop", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, + { + "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d", + "computerDnsName": "jane_PC", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md new file mode 100644 index 0000000000..37a235d516 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md 
@@ -0,0 +1,88 @@ +--- +title: List machines by vulnerability +description: Retrieves a list of machines affected by a vulnerability. +keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by vulnerability +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines affected by a vulnerability. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +``` + +**Response** + +Here is an example of the response. 
+ + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "235a2e6278c63fcf85bab9c370396972c58843de", + "computerDnsName": "h1mkn_PC", + "osPlatform": "Windows10", + "rbacGroupId": 1268 + }, + { + "id": "afb3f807d1a185ac66668f493af028385bfca184", + "computerDnsName": "chat_Desk ", + "osPlatform": "Windows10", + "rbacGroupId": 410 + } + ] + } +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md new file mode 100644 index 0000000000..86f7eef853 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md 
@@ -0,0 +1,93 @@ +--- +title: Get recommendation by Id +description: Retrieves a security recommendation by its ID. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +``` + +**Response** + +Here is an example of the response. 
+ +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "id": "va-_-google-_-chrome", + "productName": "chrome", + "recommendationName": "Update Chrome", + "weaknesses": 38, + "vendor": "google", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 3.9441860465116285, + "totalMachineCount": 6, + "exposedMachinesCount": 5, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Chrome" +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md new file mode 100644 index 0000000000..772dc4e34b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md 
@@ -0,0 +1,81 @@ +--- +title: Get recommendation machines +description: Retrieves a list of machines associated with the security recommendation. +keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation machines +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of machines associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. 
+ +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", + "computerDnsName": "niw_pc", + "osPlatform": "Windows10", + "rbacGroupId": 2154 + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md new file mode 100644 index 0000000000..4032adfef3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md 
@@ -0,0 +1,81 @@ +--- +title: Get recommendation software +description: Retrieves a security recommendation related to a specific software. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation related to a specific software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software associated with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. 
+ +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "id": "google-_-chrome", + "name": "chrome", + "vendor": "google", + "weaknesses": 38, + "publicExploit": false, + "activeAlert": false, + "exposedMachines": 5, + "impactScore": 3.94418621 +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md new file mode 100644 index 0000000000..954479aad6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md 
@@ -0,0 +1,90 @@ +--- +title: Get recommendation vulnerabilities +description: Retrieves a list of vulnerabilities associated with the security recommendation. +keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of vulnerabilities associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. 
+ +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-13748", + "name": "CVE-2019-13748", + "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "severity": "Medium", + "cvssV3": 6.5, + "exposedMachines": 0, + "publishedOn": "2019-12-10T00:00:00Z", + "updatedOn": "2019-12-16T12:15:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md new file mode 100644 index 0000000000..663bac6747 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md 
@@ -0,0 +1,83 @@ +--- +title: Get software by Id +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get software by Id + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves software details by ID + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id} +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the specified software data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +``` + +**Response** + +Here is an example of the response. 
+ +```json + +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md new file mode 100644 index 0000000000..39a3275bf2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md 
@@ -0,0 +1,86 @@ +--- +title: List software version distribution +description: Retrieves a list of your organization's software version distribution +keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software version distribution + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of your organization's software version distribution + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/distributions +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a list of software distributions data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +``` + +**Response** + +Here is an example of the response. 
+ +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "value": [ + { + "version": "11.0.17134.1039", + "installations": 1, + "vulnerabilities": 11 + }, + { + "version": "11.0.18363.535", + "installations": 750, + "vulnerabilities": 0 + }, +… +} + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md new file mode 100644 index 0000000000..67bfa09292 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md 
@@ -0,0 +1,84 @@ +--- +title: List software +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software inventory API +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves the organization software inventory + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software inventory in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software +``` + +**Response** + +Here is an example of the response. 
+ + +``` +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "value": [ + { + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 + }, +…. +} \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md new file mode 100644 index 0000000000..6984c10ec6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md 
@@ -0,0 +1,93 @@ +--- +title: List vulnerabilities by software +description: Retrieve a list of vulnerabilities in the installed software. +keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List vulnerabilities by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of vulnerabilities in the installed software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/vulnerabilities +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +``` + +**Response** + +Here is an example of the response. 
+ +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2017-0140", + "name": "CVE-2017-0140", + "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", + "severity": "Medium", + "cvssV3": 4.2, + "exposedMachines": 1, + "publishedOn": "2017-03-14T00:00:00Z", + "updatedOn": "2019-10-03T00:03:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md new file mode 100644 index 0000000000..f87c04ae43 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md 
@@ -0,0 +1,86 @@ +--- +title: Get vulnerability by Id +description: Retrieves vulnerability information by its ID. +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get vulnerability by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves vulnerability information by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +``` + +**Response** + +Here is an example of the response. 
+ +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] +} +``` From 0218a6ca9fe3f9ed025fac09d1ccf367e047ca8a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:51:26 -0800 Subject: [PATCH 02/48] Added TVM API --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) 
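Review bot: In get-software.md (PATCH 01/48), the response example opens an untagged three-backtick fence that is never closed before the end of the file, so everything after "Here is an example of the response." stays inside an open code block. Close the fence after the final `}`, tag it `json` as get-vuln-by-software.md does, and end the file with a newline. The `"value": [` array is also cut off by `….` with no closing `]`; close it or add the "may be truncated for brevity" note that the score topics use.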
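Review bot: In get-vulnerability-by-id.md (PATCH 01/48), the HTTP request section gives `GET /api/vulnerabilities/{cveId}` while the example request calls `/api/Vulnerabilities/CVE-2019-0608`; pick one casing and use it in both places so a reader copying the path gets the documented route. The response block also begins with a `Content-type: json` line inside an untagged fence, which makes the sample invalid as JSON; drop that line and tag the fence `json` like the other topics in this patch.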
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index c06d033182..b5bc9edc17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -43,6 +43,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. + - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
You can now use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions. From 2f0a51cdd0b644c2f906ba30d92e03a72be08888 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:53:17 -0800 Subject: [PATCH 03/48] Added TVM API updates --- .../microsoft-defender-atp/exposed-apis-list.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index c91de23386..8c836888bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -57,6 +57,10 @@ Machines | Run API calls such as get machines, get machines by ID, information a Machine Actions | Run API call such as Isolation, Run anti-virus scan and more. Indicators | Run API call such as create Indicator, get Indicators and delete Indicators. Users | Run API calls such as get user related alerts and user related machines. +Score | Run API calls such as get exposure score or get device secure score. +Software | Run API calls such as list vulnerabilities by software. +Vulnerability | Run API calls such as list machines by vulnerability. +Recommendation | Run API calls such as Get recommendation by Id. ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) From 3e3f11677650c357e737dea21639ad9b7f40177f Mon Sep 17 00:00:00 2001 
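Review bot: In the preview.md hunk of PATCH 02/48, the added feature description misspells "recommendation" as "recommandation" ("security recommandation information"). Fix the spelling, and consider rewording "API calls such as get your organization's threat exposure score" so the items read as a list of noun phrases.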
From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:14:52 -0800 Subject: [PATCH 04/48] Added TVM API updates --- .../threat-protection/microsoft-defender-atp/machine.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a4227c1113..9c68f4125d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -28,6 +28,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). +[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. 
@@ -50,3 +53,4 @@ rbacGroupName | String | RBAC Group Name. riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined). machineTags | String collection | Set of [machine](machine.md) tags. +exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. From c3e3a1371041006e50653c3b157b5636724e84cb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:15:29 -0800 Subject: [PATCH 05/48] Added pre rel statement --- .../security/threat-protection/microsoft-defender-atp/machine.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 9c68f4125d..304e43abbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -20,6 +20,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] ## Methods Method|Return Type |Description From 4555f820e4f70b9ee3b4449e5f0f8be938582f09 Mon Sep 17 00:00:00 2001 
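Review bot: In the machine.md Methods table changed by PATCH 04/48, the three new rows describe organization-wide results ("Retrieves a list of software inventory in your organization.", "...all the vulnerabilities affecting the organization.", "...all security recommendations affecting the organization.") although every neighbouring row is scoped to a single machine. If these methods return data for the given machine, the descriptions should say so. The rows also link to get-installed-software.md, get-discovered-vulnerabilities.md and get-security-recommendation.md, none of which appear in the file lists of PATCH 01/48 or PATCH 06/48; confirm those topics are added elsewhere in the series before merging.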
From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:30:35 -0800 Subject: [PATCH 06/48] Added new topics for TVM API --- .../get-device-secure-score.md | 85 +++++++++++++++++ .../get-exposure-score.md | 91 ++++++++++++++++++ .../get-machine-group-exposure-score.md | 94 +++++++++++++++++++ .../microsoft-defender-atp/recommendation.md | 57 +++++++++++ .../microsoft-defender-atp/score.md | 75 +++++++++++++++ .../microsoft-defender-atp/software.md | 45 +++++++++ .../microsoft-defender-atp/vulnerability.md | 48 ++++++++++ 7 files changed, 495 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/recommendation.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/vulnerability.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md new file mode 100644 index 0000000000..7a81fe0182 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md 
@@ -0,0 +1,85 @@ +--- +title: Get Device Secure score +description: Retrieves the organizational device secure score. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get Device Secure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational device secure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/configurationScore +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the with device secure score data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/configurationScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. 
+ +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", + "time": "2019-12-03T09:15:58.1665846Z", + "score": 340, + "rbacGroupId": null +} +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md new file mode 100644 index 0000000000..2ce5adf1e0 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md 
@@ -0,0 +1,91 @@ +--- +title: Get exposure score +description: Retrieves the organizational exposure score. +keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get exposure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational exposure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + + +## HTTP request +``` +GET /api/exposureScore +``` + +## Optional query parameters +Method supports $top, $select, $filter, $expand and $skip query parameters. +
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the exposure data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", + "time": "2019-12-03T07:23:53.280499Z", + "score": 33.491554051195706, + "rbacGroupId": null +} + +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md new file mode 100644 index 0000000000..42995a2265 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md 
@@ -0,0 +1,94 @@ +--- +title: List exposure score by machine group +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List exposure score by machine group + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Retrieves a collection of alerts related to a given domain address. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/exposureScore/ByMachineGroups +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups +``` + +**Response** + +Here is an example of the response. 
+ +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T09:51:28.214338Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T09:51:28.2143399Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T09:51:28.2143407Z", + "score": 26.390921344426033, + "rbacGroupId": 9 + }, + { + "time": "2019-12-03T09:51:28.2143414Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md new file mode 100644 index 0000000000..c9dfd44b5f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
@@ -0,0 +1,57 @@ +--- +title: Recommendation methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Recommendation resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List all recommendations](get-all-recommendations.md) | Recommendation collection | +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +productName | String | +recommendationName | String | +Weaknesses | Long | +Vendor | String | +recommendedVersion | String | +recommendationCategory | String | +subCategory | String | +severityScore | Double | +publicExploit | Boolean | +activeAlert | Boolean | +associatedThreats | String collection | +remediationType | String | +Status | String | Enum +configScoreImpact | Double | +exposureImpacte | Double| +totalMachineCount | Long | +exposedMachinesCount | Long | +nonProductivityImpactedAssets | Long | +relatedComponent | String | 
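Review bot: In recommendation.md, the front matter description "Retrieves top recent alerts." and the keywords "get, alerts, recent" are carried over from an alerts topic and do not describe the Recommendation resource. In the Properties table, `exposureImpacte` looks like a misspelling of `exposureImpact`, the names mix casing (`Weaknesses`, `Vendor`, `Status` beside `productName`), and every Description cell is empty apart from "Enum" on `Status`. Align the names with the JSON the API returns and fill in the descriptions, including the allowed `Status` values. The Methods table has the same gap: none of its five rows has a description.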
diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md new file mode 100644 index 0000000000..06f002a203 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md 
@@ -0,0 +1,75 @@ +--- +title: Score methods and properties +description: Retrieves your organization's exposure score, device secure score, and exposure score by machine group +keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by machine group +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Score resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get exposure score](get-exposure-score.md) | [Score](score.md) | Get the organizational exposure score. +[Get device secure score](get-device-secure-score.md) | [Score](score.md) | Get the organizational device secure score. +[List exposure score by machine group](get-machine-group-exposure-score.md)| [Score](score.md) | List scores by machine group. + + +## Properties +Property | Type | Description +:---|:---|:--- +Score | Double | The current score. +Time | DateTime | The date and time in which the call for this API was made. +RbacGroupId | Nullable Int | RBAC Group ID. 
+ + +### Response example for getting machine groups score: + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/byMachineGroups +``` + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T07:26:49.9376328Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T07:26:49.9376375Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + }, + { + "time": "2019-12-03T07:26:49.9376382Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T07:26:49.9376388Z", + "score": 26.323200116475423, + "rbacGroupId": 9 + } + ] +} + + +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md new file mode 100644 index 0000000000..36aba64d20 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md 
@@ -0,0 +1,45 @@ +--- +title: Software methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Software resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List software](get-software.md) | Software collection | List the organizational software inventory. +[Get software by Id](get-software-by-id.md) | Software | Get a specific software by its software ID. +[List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID. +[List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of machines that are associated with the software ID. +[List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID. + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Vendor | String | +Weaknesses | Long | +publicExploit | Boolean | +activeAlert | Boolean | +exposedMachines | Long | +impactScore | Double | + 
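Review bot: In software.md, the Properties table lists `Name`, `Vendor` and `Weaknesses` with an initial capital, but the sample response in get-software.md from PATCH 01/48 returns `name`, `vendor` and `weaknesses`; the reference should match the payload exactly because readers copy these names into client code. The front matter description "Retrieves top recent alerts." and the keywords "get, alerts, recent" are also left over from another topic, and every Description cell is empty, so fields such as `impactScore` and `weaknesses` are left without a meaning or range.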
diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md new file mode 100644 index 0000000000..3be61d9006 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -0,0 +1,48 @@ +--- +title: Vulnerability methods and properties +description: Retrieves vulnerability information +keywords: apis, graph api, supported apis, get, vulnerability +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Vulnerability resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Description | String | +Severity | String | +cvssV3 | Double | +exposedMachines | Long | +publishedOn | DateTime | +updatedOn | DateTime | +publicExploit | Boolean | +exploitVerified | Boolean | +exploitInKit | Boolean | +exploitTypes | String collection | +exploitUris | String collection | 
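Review bot: In vulnerability.md, the Properties table capitalizes `Name`, `Description` and `Severity`, while the sample responses in get-vuln-by-software.md and get-vulnerability-by-id.md return `name`, `description` and `severity`; match the payload casing. Every Description cell is empty, so `exploitVerified`, `exploitInKit` and `exploitTypes` are unexplained, and the table does not list the values `severity` can take even though the samples show it as a string such as "Medium". Two of the three Methods rows also have no description.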
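Review bot: In get-device-secure-score.md (earlier in PATCH 06/48), the Application permission is written `Score.Read.Alll` with three l's, whereas get-exposure-score.md and get-machine-group-exposure-score.md in the same patch use `Score.Read.All`. Permission names get copied straight into app registrations, so correct the spelling. The same file has a doubled phrase in the Response section ("with the with device secure score data") and keywords "get, alerts, recent" that do not describe a score topic.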
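Review bot: In get-exposure-score.md (PATCH 06/48), the "Optional query parameters" section states that `$expand` is available on Files, IPs and Domains, with the example `$expand=files,domains`. score.md in the same patch lists only Score, Time and RbacGroupId as properties of the resource, so this text appears to be copied from a different API. Remove it, or state which OData options this endpoint supports given that the sample response is a single entity.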
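Review bot: In get-machine-group-exposure-score.md (PATCH 06/48), the summary under the title reads "Retrieves a collection of alerts related to a given domain address.", which contradicts the front matter description "Retrieves a list of exposure scores by machine group."; replace the body sentence with the latter. The route is also spelled `/api/exposureScore/ByMachineGroups` here and `/api/exposureScore/byMachineGroups` in score.md, so settle on one casing across both files. In the request headers table, `Bearer {token}.**Required**.` is missing the space after the period.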
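Review bot: In score.md (PATCH 06/48), the Properties table names `Score`, `Time` and `RbacGroupId`, but the JSON example directly below it returns `score`, `time` and `rbacGroupId`; use the payload casing. The heading "Response example for getting machine groups score:" is followed by a request line before the response, so either retitle the section or label the two blocks as request and response, and remove the blank lines left inside the json fence before it closes.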
From 50f256b8ff4452751800c2765d732d9d72462ebc Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:18 -0800 Subject: [PATCH 07/48] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 7a81fe0182..d2f1bb53f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -61,9 +61,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/configurationScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. @@ -82,4 +79,4 @@ Here is an example of the response. ``` ## Related topics -- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) From 3ca2208e18c820f3d4a17169a5e5e2c3d8c845dd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:58 -0800 Subject: [PATCH 08/48] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 2ce5adf1e0..b71e4ee8ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md 
@@ -66,9 +66,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/exposureScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. From f6c235d9a57adfbe729be5f1b0a1766beec6b689 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:54:44 -0800 Subject: [PATCH 09/48] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 304e43abbd..99a215e8c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md 
@@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 7cb440f17418effaa820a15a90cc10732c5b18c8 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:58:02 -0800 Subject: [PATCH 10/48] Added descriptions --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 3be61d9006..f024339c3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -25,8 +25,8 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | -[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | Retrieves a list of all the vulnerabilities affecting the organization +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | Retrieves vulnerability information by its ID [List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID From d030104010b31f5ce85f03043acaee902fe1f3bd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:00:26 -0800 Subject: [PATCH 11/48] Added descriptions --- .../microsoft-defender-atp/recommendation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index c9dfd44b5f..ea8cfbf381 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
@@ -25,11 +25,11 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[List all recommendations](get-all-recommendations.md) | Recommendation collection | -[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | -[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | -[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | -[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | +[List all recommendations](get-all-recommendations.md) | Recommendation collection | Retrieves a list of all security recommendations affecting the organization +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | Retrieves a security recommendation by its ID +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | Retrieves a security recommendation related to a specific software +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | Retrieves a list of machines associated with the security recommendation +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of vulnerabilities associated with the security recommendation ## Properties From 85fe93712636fca7b17cf9e1354d39f636335eaf Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:01:53 -0800 Subject: [PATCH 12/48] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index ea8cfbf381..2e38f54fca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -48,7 +48,7 @@ publicExploit | Boolean | activeAlert | Boolean | associatedThreats | String collection | remediationType | String | -Status | String | Enum +Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | exposureImpacte | Double| totalMachineCount | Long | From 9f7a62f14ba66223605a1eb4b11886c49305e4d4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:06:25 -0800 Subject: [PATCH 13/48] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index b71e4ee8ec..fadf3a064a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -38,10 +38,6 @@ Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability GET /api/exposureScore ``` -## Optional query parameters -Method supports $top, $select, $filter, $expand and $skip query parameters. -
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains - ## Request headers Name | Type | Description From c6210ba9ef8a75be5cba467926fd670ada08ca4a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:23:43 -0800 Subject: [PATCH 14/48] Added TVM API topics --- windows/security/threat-protection/TOC.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index a483760fe8..e754cac2b3 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -435,6 +435,34 @@ ####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) ####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) +###### [Score]() +####### [Score methods and properties](microsoft-defender-atp/score.md) +####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md) +####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md) +####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md) + +###### [Software]() +####### [Software methods and properties](microsoft-defender-atp/software.md) +####### [List software](get-software.md) +####### [Get software by Id](get-software-by-id.md) +####### [List software version distribution](get-software-ver-distribution.md) +####### [List machines by software](get-machines-by-software.md) +####### [List vulnerabilities by software](get-vuln-by-software.md) + +###### [Vulnerability]() +####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) +####### [Get all vulnerabilities](get-all-vulnerabilities.md) +####### [Get vulnerability by Id](get-vulnerability-by-id.md) +####### [List machines by vulnerability](get-machines-by-vulnerability.md) + +###### [Recommendation]() +####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) +####### [List all recommendations](get-all-recommendations.md) +####### [Get recommendation by Id](get-recommendation-by-id.md) +####### [Get recommendation by software](get-recommendation-software.md) +####### [Get recommendation by machines](get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) + ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) ###### [Power BI](microsoft-defender-atp/api-power-bi.md) 
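Review bot: the per-method entries added under Software, Vulnerability and Recommendation are linked without the `microsoft-defender-atp/` folder, for example `[List software](get-software.md)`, while the Score entries and each "methods and properties" entry in the same hunk use `microsoft-defender-atp/...`. TOC.md sits in windows/security/threat-protection/, so the unprefixed links resolve next to TOC.md rather than in the folder the other entries point to, and the navigation will be broken for those 13 entries. Prefix them all with `microsoft-defender-atp/`. The labels `Get recommendation by software`, `Get recommendation by machines` and `Get recommendation by vulnerabilities` also differ from the method names used in the recommendation.md Methods table (`Get recommendation software`, and so on); pick one wording for both places.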
From 9ce89bfd00b09866c447fb98304751ecc86f6cba Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:34:24 -0800 Subject: [PATCH 15/48] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 99a215e8c1..5ae61b0e70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -31,7 +31,7 @@ Method|Return Type |Description [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). [Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. [Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 576d40493fc63dda1a05f074d0983f09fd96446d Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:01 -0800 Subject: [PATCH 16/48] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 5ae61b0e70..a488cd488b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md 
@@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From d7de8b4d66cbd49980bd4dfe4b095ce41be237e8 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:49 -0800 Subject: [PATCH 17/48] Added pre rel info --- .../threat-protection/microsoft-defender-atp/software.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 36aba64d20..5d4dd015b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From fb05538330bcadabacbe2ed30abc4854133b88c6 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:36:34 -0800 Subject: [PATCH 18/48] Added pre rel info --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index f024339c3e..1ab9f93f8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 66291fb62ada8b1c4c8e3a6f628cd580b77d1f54 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:37:03 -0800 Subject: [PATCH 19/48] Added pre rel info --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2e38f54fca..b5169fbe69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From bb15be19a76bebd5c0724a0c2237ca2c49adc353 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:42:16 -0800 Subject: [PATCH 20/48] Updated file paths for TVM API topics --- windows/security/threat-protection/TOC.md | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e754cac2b3..1d0ce5d117 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -443,25 +443,25 @@ ###### [Software]() ####### [Software methods and properties](microsoft-defender-atp/software.md) -####### [List software](get-software.md) -####### [Get software by Id](get-software-by-id.md) -####### [List software version distribution](get-software-ver-distribution.md) -####### [List machines by software](get-machines-by-software.md) -####### [List vulnerabilities by software](get-vuln-by-software.md) +####### [List software](microsoft-defender-atp/get-software.md) +####### [Get software by Id](microsoft-defender-atp/get-software-by-id.md) +####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md) +####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md) +####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md) ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) -####### [Get all vulnerabilities](get-all-vulnerabilities.md) -####### [Get vulnerability by Id](get-vulnerability-by-id.md) -####### [List machines by vulnerability](get-machines-by-vulnerability.md) +####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) +####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md) +####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md) ###### [Recommendation]() ####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) -####### [List all recommendations](get-all-recommendations.md) -####### [Get recommendation by Id](get-recommendation-by-id.md) -####### [Get recommendation by software](get-recommendation-software.md) -####### [Get recommendation by machines](get-recommendation-machines.md) -####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) +####### [List all 
recommendations](microsoft-defender-atp/get-all-recommendations.md) +####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md) +####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md) +####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md) ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) From 11e09a543c94c199032751bddb8d41dd98ba0026 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 8 Jan 2020 14:48:27 -0800 Subject: [PATCH 21/48] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 5d4dd015b2..48647a6c93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -36,7 +36,7 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | +id | String | Software ID Name | String | Vendor | String | Weaknesses | Long | From 24ec826bf44e0a7563f65c59f4d17f4be2cdb403 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:38:31 -0800 Subject: [PATCH 22/48] Added TVM API topics --- .../get-discovered-vulnerabilities.md | 89 +++++++++++++++++ .../get-installed-software.md | 85 ++++++++++++++++ .../get-security-recommendations.md | 97 +++++++++++++++++++ 3 files changed, 271 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md new file mode 100644 index 0000000000..bc067f116f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md 
@@ -0,0 +1,89 @@ +--- +title: Get discovered vulnerabilities +description: Retrieves a collection of discovered vulnerabilities related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get discovered vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of discovered vulnerabilities related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/machines/{machineId}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the discovered vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. 
+ +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-1348", + "name": "CVE-2019-1348", + "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 1, + "publishedOn": "2019-12-13T00:00:00Z", + "updatedOn": "2019-12-13T00:00:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + } +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md new file mode 100644 index 0000000000..171a32a275 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md 
@@ -0,0 +1,85 @@ +--- +title: Get installed software +description: Retrieves a collection of installed software related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get installed software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of installed software related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/machines/{machineId}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the installed software information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +``` + +**Response** + +Here is an example of the response. 
+ + +``` +{ +"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", +"value": [ + { +"id": "microsoft-_-internet_explorer", +"name": "internet_explorer", +"vendor": "microsoft", +"weaknesses": 67, +"publicExploit": true, +"activeAlert": false, +"exposedMachines": 42115, +"impactScore": 46.2037163 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md new file mode 100644 index 0000000000..4256ba1c8c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md 
@@ -0,0 +1,97 @@ +--- +title: Get security recommendations +description: Retrieves a collection of security recommendations related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get security recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of security recommendations related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/machines/{machineId}/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. 
+ +``` +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-git-scm-_-git", + "productName": "git", + "recommendationName": "Update Git to version 2.24.1.2", + "weaknesses": 3, + "vendor": "git-scm", + "recommendedVersion": "2.24.1.2", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 0, + "totalMachineCount": 0, + "exposedMachinesCount": 1, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Git" + }, +… +} +``` \ No newline at end of file From b3b2ea7db50fdc8f67b07ab2683a4545480bf6c0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:42:05 -0800 Subject: [PATCH 23/48] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a488cd488b..4bda3515a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md 
@@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 41e94fd838c2db6d70ea66e0b1b35149ae130c8f Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:45:59 -0800 Subject: [PATCH 24/48] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 4bda3515a4..8592e1cfde 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md 
@@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a collection of installed software related to a given machine ID. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a collection of discovered vulnerabilities related to a given machine ID. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 9b63bbc0f8eb21f42278a8669a14ff5ffa0def12 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:49:49 -0800 Subject: [PATCH 25/48] Added TVM APIs --- windows/security/threat-protection/TOC.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1d0ce5d117..2af50f3e0e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -390,6 +390,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +####### [Get installed software](get-installed-software.md) +####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) +####### [Get security recommendation](get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From f527ab00a00e245469a5b50a1ad2ee8903080a98 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:59:05 -0800 Subject: [PATCH 26/48] Update get-recommendation-software.md --- .../microsoft-defender-atp/get-recommendation-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 4032adfef3..e8473ba5f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md 
@@ -1,5 +1,5 @@ --- -title: Get recommendation software +title: Get recommendation by software description: Retrieves a security recommendation related to a specific software. keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation software +# Get recommendation by software **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From a28e30170e2b4d0d2ed367ed8db168e197d33d91 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:00:09 -0800 Subject: [PATCH 27/48] Update get-recommendation-vulnerabilities.md --- .../get-recommendation-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 954479aad6..48f13ed4b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Get recommendation vulnerabilities +title: Get recommendation by vulnerabilities description: Retrieves a list of vulnerabilities associated with the security recommendation. keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh 
@@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation vulnerabilities +# Get recommendation by vulnerabilities **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 5f669542aa3ed186f109adcad4f5995375858c10 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:01:35 -0800 Subject: [PATCH 28/48] Update get-recommendation-machines.md --- .../microsoft-defender-atp/get-recommendation-machines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 772dc4e34b..0060478641 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -1,5 +1,5 @@ --- -title: Get recommendation machines +title: Get recommendation by machines description: Retrieves a list of machines associated with the security recommendation. keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation machines +# Get recommendation by machines **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From a702eca096f7bf5e027ccf369bf6281be55199a0 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:50:44 -0800 Subject: [PATCH 29/48] Added property descriptions --- .../microsoft-defender-atp/software.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 48647a6c93..31c8ef62c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -37,11 +37,11 @@ Method |Return Type |Description Property | Type | Description :---|:---|:--- id | String | Software ID -Name | String | -Vendor | String | -Weaknesses | Long | -publicExploit | Boolean | -activeAlert | Boolean | -exposedMachines | Long | -impactScore | Double | +Name | String | Software name +Vendor | String | Software vendor name +Weaknesses | Long | Number of discovered vulnerabilities +publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +activeAlert | Boolean | Active alert is associated with this software +exposedMachines | Long | Number of exposed machines +impactScore | Double | Exposure score impact of this software From b9e4a040a95cf2e980cac30c67ee612925552bb7 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:53:45 -0800 Subject: [PATCH 30/48] Added property descriptions --- .../microsoft-defender-atp/vulnerability.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 1ab9f93f8a..7d023c0efc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md 
@@ -35,16 +35,16 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -Name | String | -Description | String | -Severity | String | -cvssV3 | Double | -exposedMachines | Long | -publishedOn | DateTime | -updatedOn | DateTime | -publicExploit | Boolean | -exploitVerified | Boolean | -exploitInKit | Boolean | -exploitTypes | String collection | -exploitUris | String collection | +id | String | Vulnerability ID +Name | String | Vulnerability title +Description | String | Vulnerability description +Severity | String | Vulnerability Severity. Possible values are: “Low”, “Medium”, “High”, “Critical” +cvssV3 | Double | CVSS v3 score +exposedMachines | Long | Number of exposed machines +publishedOn | DateTime | Date when vulnerability was published +updatedOn | DateTime | Date when vulnerability was updated +publicExploit | Boolean | Public exploit is available +exploitVerified | Boolean | Exploit is verified to work +exploitInKit | Boolean | Exploit is part of an exploit kit +exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitUris | String collection | Exploit source URLs From 7b30a81026b1a9daf1526c6096534868d6eab9d1 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 14:00:07 -0800 Subject: [PATCH 31/48] Update recommendation.md --- .../microsoft-defender-atp/recommendation.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index b5169fbe69..a2ad1dbf57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
@@ -37,23 +37,23 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -productName | String | -recommendationName | String | -Weaknesses | Long | -Vendor | String | -recommendedVersion | String | -recommendationCategory | String | -subCategory | String | -severityScore | Double | -publicExploit | Boolean | -activeAlert | Boolean | -associatedThreats | String collection | -remediationType | String | +id | String | Recommendation ID +productName | String | Related software name +recommendationName | String | Recommendation name +Weaknesses | Long | Number of discovered vulnerabilities +Vendor | String | Related vendor name +recommendedVersion | String | Recommended version +recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack +subCategory | String | Recommendation sub-category +severityScore | Double | Number of secure score points given +publicExploit | Boolean | Public exploit is available +activeAlert | Boolean | Active alert is associated with this recommendation +associatedThreats | String collection | Threat analytics report is associated with this recommendation +remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | -exposureImpacte | Double| -totalMachineCount | Long | +configScoreImpact | Double | Secure score impact +exposureImpacte | Double | Exposure score impact +totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | nonProductivityImpactedAssets | Long | relatedComponent | String | From 4f2f7963259174c15cf1ba2b8c1aa91d2af4927e Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 21 Jan 2020 17:35:32 -0800 Subject: [PATCH 32/48] Added property description --- .../microsoft-defender-atp/recommendation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index a2ad1dbf57..7117f61a03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -54,6 +54,6 @@ Status | Enum | Recommendation exception status. Possible values are: “Active configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines -exposedMachinesCount | Long | -nonProductivityImpactedAssets | Long | -relatedComponent | String | +exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities +nonProductivityImpactedAssets | Long | Number of machines which are not affected +relatedComponent | String | Related software component From 3a2901f1491df2936bb4bd8e4e6b1d3eb53014f4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:57:38 -0800 Subject: [PATCH 33/48] Update get-installed-software.md --- .../microsoft-defender-atp/get-installed-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 171a32a275..1b2a634eff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md 
@@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` **Response** @@ -82,4 +82,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From 13b94a5695695a5cf6dcab4b86337d03126446f9 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:58:48 -0800 Subject: [PATCH 34/48] Update get-discovered-vulnerabilities.md --- .../microsoft-defender-atp/get-discovered-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index bc067f116f..e20da5c5b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` **Response** @@ -86,4 +86,4 @@ Here is an example of the response. "exploitUris": [] } } -``` \ No newline at end of file +``` From bfb085cc3d7f9c5eb156f255f7053f9b5e79ee14 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:10:36 -0800 Subject: [PATCH 35/48] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2af50f3e0e..addc5617ed 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -479,7 +479,6 @@ #### [Common Vulnerabilities and Exposures (CVE) to KB map]() ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) - #### [Pull detections to your SIEM tools]() ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) From 19108ca43ae510996853081740b2e61b90d1301a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:17:01 -0800 Subject: [PATCH 36/48] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 31c8ef62c0..49e8e4c12d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -40,7 +40,7 @@ id | String | Software ID Name | String | Software name Vendor | String | Software vendor name Weaknesses | Long | Number of discovered vulnerabilities -publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +publicExploit | Boolean | Public exploit exists for some of the vulnerabilities activeAlert | Boolean | Active alert is associated with this software exposedMachines | Long | Number of exposed machines impactScore | Double | Exposure score impact of this software From 4af7d0783ee4549601c0bc86a12145e79dfadfc4 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:18:15 -0800 Subject: [PATCH 37/48] Update vulnerability.md --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 7d023c0efc..0ede996269 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -43,8 +43,8 @@ cvssV3 | Double | CVSS v3 score exposedMachines | Long | Number of exposed machines publishedOn | DateTime | Date when vulnerability was published updatedOn | DateTime | Date when vulnerability was updated -publicExploit | Boolean | Public exploit is available +publicExploit | Boolean | Public exploit exists exploitVerified | Boolean | Exploit is verified to work exploitInKit | Boolean | Exploit is part of an exploit kit -exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitTypes | String collection | Exploit impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” exploitUris | String collection | Exploit source URLs From de04d48b36c73054b6d966c073637b0eae99f266 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:19:49 -0800 Subject: [PATCH 38/48] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 7117f61a03..d41c53fd57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Number of secure score points given publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact From bbdd5bb9e44144b953d5367c62ca07c20878558b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Fri, 24 Jan 2020 10:12:45 -0800 Subject: [PATCH 39/48] Updated description based on SME feedback --- .../microsoft-defender-atp/recommendation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index d41c53fd57..2da5fe1030 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md 
@@ -45,13 +45,13 @@ Vendor | String | Related vendor name recommendedVersion | String | Recommended version recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack subCategory | String | Recommendation sub-category -severityScore | Double | Number of secure score points given +severityScore | Double | Potential impact of the configuration to the organization’s configuration score (1-10) publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | Secure score impact +configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities From a109f8f5be9790be3b3287c0f35db9e3e649d2a3 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:05 -0800 Subject: [PATCH 40/48] Added pre rel info --- .../security/threat-protection/microsoft-defender-atp/score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index 06f002a203..9a903d296f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md 
@@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 5e3621cf0517e3124711ac430dccf120f200b655 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:43 -0800 Subject: [PATCH 41/48] Update get-machine-group-exposure-score.md --- .../get-machine-group-exposure-score.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 42995a2265..5664ee56dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves a collection of alerts related to a given domain address. ## Permissions @@ -91,4 +93,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From e8d128ae4f186881f887710a45a7197c495a09fb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:23:33 -0800 Subject: [PATCH 42/48] Added pre rel info --- .../microsoft-defender-atp/get-exposure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index fadf3a064a..389758df52 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational exposure score. ## Permissions From 81165d62ab174dc92a930151e2e57d5e45252ffd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:24:35 -0800 Subject: [PATCH 43/48] Added pre rel info --- .../microsoft-defender-atp/get-device-secure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index d2f1bb53f5..8a00435973 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational device secure score. ## Permissions From 92693e8cc85939b6262213cb2fbf5bb7b275c88d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:25:12 -0800 Subject: [PATCH 44/48] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 8a00435973..dfd844de6b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -27,7 +27,7 @@ ms.topic: article Retrieves the organizational device secure score. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From c1e2b40a1e8d1dd5ac92941092d1615be2b4929d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:32:09 -0800 Subject: [PATCH 45/48] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ba2038ad57..5fefcfbc9a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -499,7 +499,7 @@ ##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md) ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md) ##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md) - + #### [SIEM integration]() ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) From 09cc860c6bb00c06b23b8493446952a9b99cca39 Mon Sep 17 00:00:00 2001 
From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:48:34 -0800 Subject: [PATCH 46/48] fixed file path issue --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5fefcfbc9a..a49cb4bec8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -400,9 +400,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) -####### [Get installed software](get-installed-software.md) -####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) -####### [Get security recommendation](get-security-recommendations.md) +####### [Get installed software](microsoft-defender-atp/get-installed-software.md) +####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md) +####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From 9652500324aec4990118e4e097ef83e60d71e15a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:40:36 -0800 Subject: [PATCH 47/48] Update preview.md --- .../threat-protection/microsoft-defender-atp/preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index a605c4517f..4cde145e4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md 
@@ -43,7 +43,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. From a5f51f1e5e99c0c4cd4cdf08b7186090e84f9469 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:43:22 -0800 Subject: [PATCH 48/48] Fixed spelling error --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2da5fe1030..221645d516 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Potential impact of the configuration to the organizati publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remediation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact
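Review bot: In PATCH 43/48 (get-device-secure-score.md, hunk at line 22), the include path `../../includes/prerelease.md` resolves from this file's directory to `windows/security/includes/prerelease.md`, and nothing in this patch adds that file. Confirm it exists at that location, otherwise the include will not resolve. The identical line is added to get-exposure-score.md in the hunk just before this one, so the same check covers both files.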
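Review bot: In PATCH 44/48 (get-device-secure-score.md, hunk at line 27), the appended "for details." makes the sentence redundant, because it already begins "To learn more, including how to choose permissions, see". What the removed line lacked was only its closing full stop. Suggest ending the sentence as `see [Use Microsoft Defender ATP APIs](apis-intro.md).` instead.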
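Review bot: In PATCH 45/48 (TOC.md, hunk at line 499), the only change is to the whitespace of the empty line before `#### [SIEM integration]()`, and the subject "Update TOC.md" does not say what it is for. If the new line carries trailing spaces, drop them. If the change is needed for the TOC to render, say so in the commit message, or fold it into PATCH 46/48, which edits the same file.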
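Review bot: In PATCH 46/48 (TOC.md, hunk at line 400), the third corrected entry is labelled "Get security recommendation" but links to `microsoft-defender-atp/get-security-recommendations.md`, while the two entries above it have labels that match their file names. Suggest `[Get security recommendations](microsoft-defender-atp/get-security-recommendations.md)` while the line is being touched.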
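Review bot: In PATCH 47/48 (preview.md, hunk at line 43), the corrected description still reads "such as get your organization's threat exposure score" and ends its list without a conjunction. Suggest "such as getting your organization's threat exposure score or device secure score, ..., machine vulnerability information, and security recommendation information." so the spelling fix does not leave the sentence half repaired.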
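Review bot: In PATCH 48/48 (recommendation.md, hunk at line 49), the corrected `remediationType` row still has mismatched quotation marks around its last value (`”Uninstall”` opens with a closing quote), and the context row `exposureImpacte` looks like a misspelling of `exposureImpact`. Since this commit is a spelling pass on the property table, fix the quotes in the same change (plain straight quotes or backticked values copy more safely than curly ones) and check the property name against an actual API response before renaming it. The `Status` row is also the only property in the visible rows that starts with a capital letter, which is worth confirming at the same time.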