From 2cc3440284892a9d910b3ca2fe74b270a0d867bb Mon Sep 17 00:00:00 2001
From: jcaparas
Date: Thu, 2 Mar 2017 18:12:39 -0800
Subject: [PATCH] add powershell code snippet
---
 windows/keep-secure/code/example.ps1 | 53 +++++++++++++++++++
 ...ows-defender-advanced-threat-protection.md | 19 +------
 2 files changed, 54 insertions(+), 18 deletions(-)
 create mode 100644 windows/keep-secure/code/example.ps1
diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1
new file mode 100644
index 0000000000..0cbdecefac
--- /dev/null
+++ b/windows/keep-secure/code/example.ps1
@@ -0,0 +1,53 @@
+$tenantId = '{Your Tenant ID}’
+$clientId = '{Your Client ID}'
+$clientSecret = '{Your Client Secret}'
+
+$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
+
+$tokenPayload = @{
+ "resource"='https://graph.windows.net'
+ "client_id" = $clientId
+ "client_secret" = $clientSecret
+ "grant_type"='client_credentials'}
+
+$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
+$token = $response.access_token
+
+$headers = @{
+ "Content-Type"="application/json"
+ "Accept"="application/json"
+ "Authorization"="Bearer {0}" -f $token }
+
+$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
+
+$alertDefinitions =
+ (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value
+
+$alertDefinitionPayload = @{
+ "Name"= "The Alert's Name"
+ "Severity"= "Low"
+ "InternalDescription"= "An internal description of the Alert"
+ "Title"= "The Title"
+
+ "UxDescription"= "Description of the alerts"
+ "RecommendedAction"= "The alert's recommended action"
+ "Category"= "Trojan"
+ "Enabled"= "true"}
+
+$alertDefinition =
+ Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
+ -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
+
+$alertDefinitionId = $alertDefinition.Id
+
+$iocPayload = @{
+ "Type"="Sha1"
+ "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff"
+ "DetectionFunction"="Equals"
+ "Enabled"="true"
+ "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
+
+
+$ioc =
+ Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
+ -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
diff --git a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md
index b06391c16d..91887039fa 100644
--- a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md
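Review bot: The token request has no failure handling: if the POST to `$authUrl` errors or the response carries no `access_token`, `$token` is empty and every later call goes out with an `Authorization: Bearer ` header and fails less legibly at the API. Suggest `$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload -ErrorAction Stop` followed by `if (-not $response.access_token) { throw 'token request returned no access_token' }`. Line 1 also closes the `$tenantId` literal with a Unicode right single quote (’) while the next two lines use `'`; the PowerShell tokenizer generally accepts curly quotes, but this file is rendered into the docs page verbatim and readers will copy the mismatch, so use a plain `'`. Because readers fill this file in, consider taking the client secret from `$env:` or `Read-Host -AsSecureString` rather than the `$clientSecret = '...'` literal, which invites committing a real secret into the script; separately, `"Enabled"="true"` is emitted by `ConvertTo-Json` as the JSON string "true", not a boolean, which may or may not be what the API expects.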
+++ b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -37,24 +37,7 @@ The following example demonstrates how to obtain an Azure AD access token that y
 Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
-```
-
-$tenantId = '{Your Tenant ID}
-$clientId = '{Your Client ID}'
-$clientSecret = '{Your Client Secret}'
-
-$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
-
-$tokenPayload = @{
- "resource"='https://graph.windows.net'
- "client_id" = $clientId
- "client_secret" = $clientSecret
- "grant_type"='client_credentials'}
-
-$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
-$token = $response.access_token
-
-```
+[!code[CustomTIAPI](./code/example.ps1#L1-L14)]
 ## Create headers
 The following example demonstrates how to create headers used for the requests with the API.