deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

udpates to custom ti

Browse Source
This commit is contained in:
Joey Caparas 2017-02-16 12:02:50 -08:00
parent 1491c7795c
commit 2bead5b45e
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md
View File

@ -82,7 +82,7 @@ Content-Type: application/json;
{ {
"Name": " The name of the IOA. Does not appear in the portal. Max length: 100 ", "Name": " The name of the alert definition. Does not appear in the portal. Max length: 100 ",
"Severity": "Low", "Severity": "Low",
"InternalDescription": "Internal description for the alert definition. Does not appear in the portal. Max length: 350", "InternalDescription": "Internal description for the alert definition. Does not appear in the portal. Max length: 350",
"Title": "A short, one sentence, description of the alert definition. Max length: 120", "Title": "A short, one sentence, description of the alert definition. Max length: 120",
@ -305,7 +305,7 @@ Authorization: Bearer <access_token>
If successful, you should get a 204 NO CONTENT response. If successful, you should get a 204 NO CONTENT response.
>[!NOTE] >[!NOTE]
> - Deleting an alert definition also deletes its corresponding IOC. > - Deleting an alert definition also deletes its corresponding IOCs.
> - Deleting an IOC or an alert definition will not delete or hide past alerts matching the alert definition. However, deleting an alert definition and creating a new one with the exact same metadata will result in new alerts in the portal. It's not advised to delete an alert definition and create a new one with the same content. > - Deleting an IOC or an alert definition will not delete or hide past alerts matching the alert definition. However, deleting an alert definition and creating a new one with the exact same metadata will result in new alerts in the portal. It's not advised to delete an alert definition and create a new one with the same content.
## Delete all ## Delete all

6
windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -25,9 +25,9 @@ localizationpriority: high
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal. Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
1. In the navigation pane, select **Preference Setup** > **Custom TI**. 1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
2. Select **Enable custom TI application**. This activates the **Azure Active Directory application** setup sections with pre-populated values. 2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values.
3. Copy the individual values or select **Save details to file** to download a file that contains all the values. 3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
@ -37,7 +37,7 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
4. Select **Generate tokens** to get an access and refresh token. 4. Select **Generate tokens** to get an access and refresh token.
You'll need to use these values on the JSON file when doing REST API calls. Youll need to use the access token in the Authorization header when doing REST API calls.
## Related topics ## Related topics
- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)