deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

s

Browse Source
This commit is contained in:
Ben Alfasi
2018-10-28 08:27:23 +02:00
parent 943b274b62
commit 20d62cdc00
7 changed files with 39 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/TOC.md
View File

@ -351,11 +351,11 @@
######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
####### [Ti Indicator](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md)
######## [List TiIndicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
######## [Get TiIndicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
######## [Submit or Update TiIndicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
######## [Delete TiIndicator](windows-defender-atp/delete-ti-indicator-windows-defender-advanced-threat-protection-new.md)
####### [TI Indicator](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md)
######## [List TI Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
######## [Get TI Indicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
######## [Submit TI Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
######## [Delete TI Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
###### How to use APIs - Samples
####### Advanced Hunting API

10
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -287,11 +287,11 @@
####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
###### [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md)
####### [List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
####### [Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
####### [Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
####### [Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md)
###### [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md)
####### [List TI Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
####### [Get TI Indicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
####### [Submit TI Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
####### [Delete TI Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
##### How to use APIs - Samples
###### Advanced Hunting API

10
windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Delete Ti Indicator API
# Delete TI Indicator API
[!include[Prerelease<73>information](prerelease.md)]
@ -24,14 +24,14 @@ ms.date: 12/08/2017
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Retrieves a Ti Indicator entity by ID.
Retrieves a TI Indicator entity by ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Read and write Ti Indicators'
Application | Ti.ReadWrite | 'Read and write TI Indicators'
## HTTP request
@ -53,8 +53,8 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machine exists - 204 OK without content.
If Ti Indicator with the specified id was not found - 404 Not Found.
If TI Indicator exist and deleted successfully - 204 OK without content.
If TI Indicator with the specified id was not found - 404 Not Found.
## Example

10
windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Get Ti Indicator by ID API
# Get TI Indicator by ID API
[!include[Prerelease<73>information](prerelease.md)]
@ -24,14 +24,14 @@ ms.date: 12/08/2017
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Retrieves a Ti Indicator entity by ID.
Retrieves a TI Indicator entity by ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Read and write Ti Indicators'
Application | Ti.ReadWrite | 'Read and write TI Indicators'
## HTTP request
@ -53,8 +53,8 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machine exists - 200 OK with the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the body.
If Ti Indicator with the specified id was not found - 404 Not Found.
If successful and TI Indicator exists - 200 OK with the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the body.
If TI Indicator with the specified id was not found - 404 Not Found.
## Example

12
windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
View File

@ -25,15 +25,15 @@ ms.date: 12/08/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Gets collection of Ti Indicators.
Get TiIndicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
Gets collection of TI Indicators.
Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Read and write Ti Indicators'
Application | Ti.ReadWrite | 'Read and write TI Indicators'
## HTTP request
@ -54,17 +54,17 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200, Ok response code with a collection of [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
If successful, this method returns 200, Ok response code with a collection of [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
>[!Note]
> The response will only include Ti Indicators that submitted by the calling Application.
> The response will only include TI Indicators that submitted by the calling Application.
## Example
**Request**
Here is an example of a request that gets all Ti Indicators
Here is an example of a request that gets all TI Indicators
```
GET https://api.securitycenter.windows.com/api/tiindicators

14
windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017
---
# Submit or Update Ti Indicator API
# Submit or Update TI Indicator API
[!include[Prerelease information](prerelease.md)]
@ -25,7 +25,7 @@ ms.date: 12/08/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- Submits or Updates new [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
- Submits or Updates new [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
## Permissions
@ -33,7 +33,7 @@ One of the following permissions is required to call this API. To learn more, in
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Read and write Ti Indicators'
Application | Ti.ReadWrite | 'Read and write TI Indicators'
## HTTP request
@ -56,10 +56,10 @@ In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
title | String | Ti indicator title.
title | String | TI indicator title.
expirationTime | DateTimeOffset | The expiration time of the indicator.
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High".
description | String | Description of the indicator.
@ -67,8 +67,8 @@ recommendedActions | String | Recommended actions for the indicator.
## Response
- If successful, this method returns 200 - OK response code and the created / updated [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit a Ti Indicator with existing indicator value but with different Indicator type or Action.
- If successful, this method returns 200 - OK response code and the created / updated [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit a TI Indicator with existing indicator value but with different Indicator type or Action.
## Example

12
windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 12/08/2017
---
# TiIndicator resource type
# TI(threat intelligence) Indicator resource type
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
@ -22,16 +22,16 @@ ms.date: 12/08/2017
Method|Return Type |Description
:---|:---|:---
[List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
[Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[List TI Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
[Get TI Indicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[Submit TI Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[Delete TI Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
# Properties
Property | Type | Description
:---|:---|:---
indicator | String | Identity of the [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
title | String | Ti indicator title.
creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.