From 20d62cdc00f6a21468a8b6e5b3c75c72592367a0 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Sun, 28 Oct 2018 08:27:23 +0200 Subject: [PATCH] s --- windows/security/threat-protection/TOC.md | 10 +++++----- .../threat-protection/windows-defender-atp/TOC.md | 10 +++++----- ...dows-defender-advanced-threat-protection-new.md | 10 +++++----- ...dows-defender-advanced-threat-protection-new.md | 10 +++++----- ...dows-defender-advanced-threat-protection-new.md | 12 ++++++------ ...dows-defender-advanced-threat-protection-new.md | 14 +++++++------- ...dows-defender-advanced-threat-protection-new.md | 12 ++++++------ 7 files changed, 39 insertions(+), 39 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2a3bb8ddea..b2568ff5d9 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -351,11 +351,11 @@ ######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) ######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md) -####### [Ti Indicator](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [List TiIndicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) -######## [Get TiIndicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) -######## [Submit or Update TiIndicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [Delete TiIndicator](windows-defender-atp/delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [TI Indicator](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) +######## [List TI Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) +######## [Get TI Indicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) +######## [Submit TI Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) +######## [Delete TI Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) ###### How to use APIs - Samples ####### Advanced Hunting API diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 5776de1442..273cc66efe 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -287,11 +287,11 @@ ####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) ####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) -###### [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) -####### [List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) -####### [Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) -####### [Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) -####### [Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) +###### [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [List TI Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) +####### [Get TI Indicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) +####### [Submit TI Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [Delete TI Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) ##### How to use APIs - Samples ###### Advanced Hunting API diff --git a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md index bad34080f3..b0d3efb765 100644 --- a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# Delete Ti Indicator API +# Delete TI Indicator API [!include[Prerelease information](prerelease.md)] @@ -24,14 +24,14 @@ ms.date: 12/08/2017 **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Retrieves a Ti Indicator entity by ID. +Retrieves a TI Indicator entity by ID. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- -Application | Ti.ReadWrite | 'Read and write Ti Indicators' +Application | Ti.ReadWrite | 'Read and write TI Indicators' ## HTTP request @@ -53,8 +53,8 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and machine exists - 204 OK without content. -If Ti Indicator with the specified id was not found - 404 Not Found. +If TI Indicator exist and deleted successfully - 204 OK without content. +If TI Indicator with the specified id was not found - 404 Not Found. ## Example diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md index 9bccb48149..ccd438a908 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# Get Ti Indicator by ID API +# Get TI Indicator by ID API [!include[Prerelease information](prerelease.md)] @@ -24,14 +24,14 @@ ms.date: 12/08/2017 **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Retrieves a Ti Indicator entity by ID. +Retrieves a TI Indicator entity by ID. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- -Application | Ti.ReadWrite | 'Read and write Ti Indicators' +Application | Ti.ReadWrite | 'Read and write TI Indicators' ## HTTP request @@ -53,8 +53,8 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and machine exists - 200 OK with the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the body. -If Ti Indicator with the specified id was not found - 404 Not Found. +If successful and TI Indicator exists - 200 OK with the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the body. +If TI Indicator with the specified id was not found - 404 Not Found. ## Example diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md index a20702696c..d2c398ee0f 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md @@ -25,15 +25,15 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - Gets collection of Ti Indicators. - Get TiIndicators collection API supports [OData V4 queries](https://www.odata.org/documentation/). + Gets collection of TI Indicators. + Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/). ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- -Application | Ti.ReadWrite | 'Read and write Ti Indicators' +Application | Ti.ReadWrite | 'Read and write TI Indicators' ## HTTP request @@ -54,17 +54,17 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful, this method returns 200, Ok response code with a collection of [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. +If successful, this method returns 200, Ok response code with a collection of [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. >[!Note] -> The response will only include Ti Indicators that submitted by the calling Application. +> The response will only include TI Indicators that submitted by the calling Application. ## Example **Request** -Here is an example of a request that gets all Ti Indicators +Here is an example of a request that gets all TI Indicators ``` GET https://api.securitycenter.windows.com/api/tiindicators diff --git a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md index c85c4bbb6f..59030b2ebd 100644 --- a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# Submit or Update Ti Indicator API +# Submit or Update TI Indicator API [!include[Prerelease information](prerelease.md)] @@ -25,7 +25,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -- Submits or Updates new [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +- Submits or Updates new [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. ## Permissions @@ -33,7 +33,7 @@ One of the following permissions is required to call this API. To learn more, in Permission type | Permission | Permission display name :---|:---|:--- -Application | Ti.ReadWrite | 'Read and write Ti Indicators' +Application | Ti.ReadWrite | 'Read and write TI Indicators' ## HTTP request @@ -56,10 +56,10 @@ In the request body, supply a JSON object with the following parameters: Parameter | Type | Description :---|:---|:--- -indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required** +indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required** indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required** action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required** -title | String | Ti indicator title. +title | String | TI indicator title. expirationTime | DateTimeOffset | The expiration time of the indicator. severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High". description | String | Description of the indicator. @@ -67,8 +67,8 @@ recommendedActions | String | Recommended actions for the indicator. ## Response -- If successful, this method returns 200 - OK response code and the created / updated [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body. -- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit a Ti Indicator with existing indicator value but with different Indicator type or Action. +- If successful, this method returns 200 - OK response code and the created / updated [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body. +- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit a TI Indicator with existing indicator value but with different Indicator type or Action. ## Example diff --git a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md index 36bff33024..3d3df87d11 100644 --- a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# TiIndicator resource type +# TI(threat intelligence) Indicator resource type **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) @@ -22,16 +22,16 @@ ms.date: 12/08/2017 Method|Return Type |Description :---|:---|:--- -[List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. -[Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. -[Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. -[Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +[List TI Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. +[Get TI Indicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +[Submit TI Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +[Delete TI Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. # Properties Property | Type | Description :---|:---|:--- -indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url" title | String | Ti indicator title. creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.