add powershell code snippet

jcaparas
2017-03-02 18:12:39 -08:00
parent 03a2dedd0d
commit 2cc3440284
2 changed files with 54 additions and 18 deletions


@ -0,0 +1,53 @@
$tenantId = '{Your Tenant ID}
$clientId = '{Your Client ID}'
$clientSecret = '{Your Client Secret}'
$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
$tokenPayload = @{
"resource"='https://graph.windows.net'
"client_id" = $clientId
"client_secret" = $clientSecret
"grant_type"='client_credentials'}
$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
$token = $response.access_token
$headers = @{
"Content-Type"="application/json"
"Accept"="application/json"
"Authorization"="Bearer {0}" -f $token }
$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
$alertDefinitions =
(Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value
$alertDefinitionPayload = @{
"Name"= "The Alert's Name"
"Severity"= "Low"
"InternalDescription"= "An internal description of the Alert"
"Title"= "The Title"
"UxDescription"= "Description of the alerts"
"RecommendedAction"= "The alert's recommended action"
"Category"= "Trojan"
"Enabled"= "true"}
$alertDefinition =
Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
-Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
$alertDefinitionId = $alertDefinition.Id
$iocPayload = @{
"Type"="Sha1"
"Value"="dead1111eeaabbccddeeaabbccddee11ffffffff"
"DetectionFunction"="Equals"
"Enabled"="true"
"AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
$ioc =
Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
-Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
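Review bot: The first line of the new script, `$tenantId = '{Your Tenant ID}`, is missing its closing single quote, so the string literal runs on into the following lines and the snippet will not parse as written; it should read `$tenantId = '{Your Tenant ID}'`. Because this file is now what the docs include from, a leading comment on secret handling would help readers who paste it into their own tooling, for example `# Placeholder values only: load the client secret from a secret store or environment variable, never commit it.` The token request also stores `$response.access_token` without checking that it is non-empty, so a guard such as `if (-not $token) { throw 'Token request returned no access_token' }` before building `$headers` would give a clearer failure than a later rejected API call.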


@ -37,24 +37,7 @@ The following example demonstrates how to obtain an Azure AD access token that y
Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
``` [!code[CustomTIAPI](./code/example.ps1#L1-L14)]
$tenantId = '{Your Tenant ID}
$clientId = '{Your Client ID}'
$clientSecret = '{Your Client Secret}'
$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
$tokenPayload = @{
"resource"='https://graph.windows.net'
"client_id" = $clientId
"client_secret" = $clientSecret
"grant_type"='client_credentials'}
$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
$token = $response.access_token
```
## Create headers ## Create headers
The following example demonstrates how to create headers used for the requests with the API. The following example demonstrates how to create headers used for the requests with the API.