deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 00:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add missing file

Browse Source
This commit is contained in:
Joey Caparas 2018-08-30 16:48:32 -07:00
parent b23446c11e
commit 1b2b3977c7
1 changed files with 131 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi.md Normal file
View File

@ -0,0 +1,131 @@
---
title: Advanced Hunting API
description: Use this API to run advanced queries
keywords: apis, supported apis, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 30/07/2018
---
# Create custom reports using Power BI
Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
In this section we share Power BI query sample to run a query using application token.
>**Prerequisite**: You first need to [create an app](exposed-apis-intro.md).
## Run a query
- Open Microsoft Power BI
- Click **Get Data** > **Blank Query**
![Image of create blank query](images/power-bi-create-blank-query.png)
- Click **Advanced Editor**
![Image of open advanced editor](images/power-bi-open-advanced-editor.png)
- Copy the below and paste it in the editor, after you update the values of _TenantId, _AppId, _AppSecret, _Query
```
let
TenantId = "00000000-0000-0000-0000-000000000000", // Paste your own tenant ID here
AppId = "11111111-1111-1111-1111-111111111111", // Paste your own app ID here
AppSecret = "22222222-2222-2222-2222-222222222222", // Paste your own app secret here
Query = "MachineInfo | where EventTime > ago(7d) | summarize EventCount=count(), LastSeen=max(EventTime) by MachineId", // Paste your own query here
ResourceAppIdUrl = "https://securitycenter.onmicrosoft.com/windowsatpservice",
OAuthUrl = Text.Combine({"https://login.windows.net/", TenantId, "/oauth2/token"}, ""),
Resource = Text.Combine({"resource", Uri.EscapeDataString(ResourceAppIdUrl)}, "="),
ClientId = Text.Combine({"client_id", AppId}, "="),
ClientSecret = Text.Combine({"client_secret", Uri.EscapeDataString(AppSecret)}, "="),
GrantType = Text.Combine({"grant_type", "client_credentials"}, "="),
Body = Text.Combine({Resource, ClientId, ClientSecret, GrantType}, "&"),
AuthResponse= Json.Document(Web.Contents(OAuthUrl, [Content=Text.ToBinary(Body)])),
AccessToken= AuthResponse[access_token],
Bearer = Text.Combine({"Bearer", AccessToken}, " "),
AdvancedHuntingUrl = "https://api.securitycenter.windows.com/advancedqueries/query",
Response = Json.Document(Web.Contents(
AdvancedHuntingUrl,
[
Headers = [#"Content-Type"="application/json", #"Accept"="application/json", #"Authorization"=Bearer],
Content=Json.FromValue(Query)
]
)),
TypeMap = #table(
{ "Type", "PowerBiType" },
{
{ "Double", Double.Type },
{ "Int64", Int64.Type },
{ "Int32", Int32.Type },
{ "Int16", Int16.Type },
{ "UInt64", Number.Type },
{ "UInt32", Number.Type },
{ "UInt16", Number.Type },
{ "Byte", Byte.Type },
{ "Single", Single.Type },
{ "Decimal", Decimal.Type },
{ "TimeSpan", Duration.Type },
{ "DateTime", DateTimeZone.Type },
{ "String", Text.Type },
{ "Boolean", Logical.Type },
{ "SByte", Logical.Type },
{ "Guid", Text.Type }
}),
Schema = Table.FromRecords(Response[Schema]),
TypedSchema = Table.Join(Table.SelectColumns(Schema, {"Name", "Type"}), {"Type"}, TypeMap , {"Type"}),
Results = Response[Results],
Rows = Table.FromRecords(Results, Schema[Name]),
Table = Table.TransformColumnTypes(Rows, Table.ToList(TypedSchema, (c) => {c{0}, c{2}}))
in Table
```
- Click **Done**
![Image of create advanced query](images/power-bi-create-advanced-query.png)
- Click **Edit Credentials**
![Image of edit credentials](images/power-bi-edit-credentials.png)
- Select **Anonymous** and click **Connect**
![Image of set credentials](images/power-bi-set-credentials.png)
- Repeat the previous step for the second URL
- Click **Continue**
![Image of edit data privacy](images/power-bi-edit-data-privacy.png)
- Select the privacy level you want and click **Save**
![Image of set data privacy](images/power-bi-set-data-privacy.png)
- View the results of your query
![Image of query results](images/power-bi-query-results.png)
## Related topic
- [Windows Defender ATP APIs](exposed-apis-intro.md)
- [Advanced Hunting API](run-advanced-query-api.md)
- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
- [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)