mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
update toc and add deprecation notes
This commit is contained in:
Joey Caparas
parent
3f2ef1368c
commit
317f1ad478
@ -152,6 +152,8 @@
|
||||
#### [Management and APIs](windows-defender-atp/management-apis.md)
|
||||
##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
##### [Windows Defender ATP APIs](windows-defender-atp/apis-intro.md)
|
||||
|
||||
|
||||
##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -292,7 +294,7 @@
|
||||
###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||
####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
##### [Windows Defender ATP APIs](windows-defender-atp/exposed-apis-intro.md)
|
||||
##### [Windows Defender ATP APIs](windows-defender-atp/use-apis.md)
|
||||
###### Create your app
|
||||
####### [Get access on behalf of a user](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
|
||||
####### [Get access without a user](windows-defender-atp/exposed-apis-create-app-webapp.md)
|
||||
@ -360,65 +362,65 @@
|
||||
####### Multiple APIs
|
||||
######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
|
||||
|
||||
###### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
|
||||
####### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
|
||||
########Actor
|
||||
######### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
########Alerts
|
||||
######### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
|
||||
####### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
|
||||
########Actor (deprecated)
|
||||
######### [Get actor information (deprecated)](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get actor related alerts (deprecated)](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
########Alerts (deprecated)
|
||||
######### [Get alerts (deprecated)](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert information by ID (deprecated)](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related actor information (deprecated)](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related domain information (deprecated)](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
########Domain
|
||||
######### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related IP information (deprecated)](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get alert related machine information (deprecated)](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
########Domain (deprecated)
|
||||
######### [Get domain related alerts (deprecated)](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get domain related machines (deprecated)](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get domain statistics (deprecated)](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Is domain seen in organization (deprecated)](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
########File
|
||||
######### [Block file](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileActions collection](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Unblock file](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
########File(deprecated)
|
||||
######### [Block file (deprecated)](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file information (deprecated)](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file related alerts (deprecated)](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file related machines (deprecated)](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get file statistics (deprecated)](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileActions collection (deprecated)](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Unblock file (deprecated)](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
########IP
|
||||
######### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
|
||||
########Machines
|
||||
######### [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
######### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileMachineAction object](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileMachineActions collection](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get MachineAction object](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get MachineActions collection](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
######### [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######### [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######### [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######### [Request sample](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
|
||||
######### [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######### [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
######### [Stop and quarantine file](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
########IP (deprecated)
|
||||
######### [Get IP related alerts (deprecated)](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get IP related machines (deprecated)](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get IP statistics (deprecated)](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######### [Is IP seen in organization (deprecated)](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
|
||||
########Machines (deprecated)
|
||||
######### [Collect investigation package (deprecated)](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
######### [Find machine information by IP (deprecated)](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileMachineAction object (deprecated)](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get FileMachineActions collection (deprecated)](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine by ID (deprecated)](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine log on users (deprecated)](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machine related alerts (deprecated)](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get MachineAction object (deprecated)](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get MachineActions collection (deprecated)](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get package SAS URI (deprecated)](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
######### [Isolate machine (deprecated)](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######### [Release machine from isolation (deprecated)](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######### [Remove app restriction (deprecated)](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######### [Request sample (deprecated)](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
|
||||
######### [Restrict app execution (deprecated)](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######### [Run antivirus scan (deprecated)](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
######### [Stop and quarantine file (deprecated)](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
########User
|
||||
######### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
########User (deprecated)
|
||||
######### [Get alert related user information (deprecated)](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user information (deprecated)](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user related alerts (deprecated)](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######### [Get user related machines (deprecated)](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
######Windows updates (KB) info
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Use Windows Defender Advanced Threat Protection APIs
|
||||
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
|
||||
title: Windows Defender Advanced Threat Protection API overview
|
||||
description: Learn how you can use APIs to automate workflows and innovate based on Windows Defender ATP capabilities
|
||||
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
@ -13,7 +13,7 @@ ms.localizationpriority: medium
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Use Windows Defender ATP APIs
|
||||
# Windows Defender ATP API overview
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Block file API
|
||||
# Block file API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Prevent a file from being executed in the organization using Windows Defender Antivirus.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Collect investigation package API
|
||||
# Collect investigation package API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Collect investigation package from a machine.
|
||||
|
||||
|
||||
@ -0,0 +1,7 @@
|
||||
---
|
||||
ms.date: 10/17/2018
|
||||
---
|
||||
>[!WARNING]
|
||||
|
||||
|
||||
> This page documents a feature that will soon be deprecated. For the updated and supported version, see [Use the Windows Defender ATP APIs](use-apis.md).
|
||||
@ -13,16 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 10/23/2017
|
||||
---
|
||||
|
||||
# Use the Windows Defender ATP exposed APIs
|
||||
# Use the Windows Defender ATP exposed APIs (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
|
||||
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 07/25/2018
|
||||
---
|
||||
|
||||
# Find machine information by internal IP API
|
||||
# Find machine information by internal IP API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Find a machine entity around a specific timestamp by internal IP.
|
||||
|
||||
|
||||
@ -14,12 +14,13 @@ ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
|
||||
# Get actor information API
|
||||
# Get actor information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves an actor information report.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get actor related alerts API
|
||||
# Get actor related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves all alerts related to a given actor.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert information by ID API
|
||||
# Get alert information by ID API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves an alert by its ID.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related actor information API
|
||||
# Get alert related actor information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves the actor information related to the specific alert.
|
||||
|
||||
@ -13,13 +13,16 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related domain information API
|
||||
# Get alert related domain information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
|
||||
Retrieves all domains related to a specific alert.
|
||||
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related files information API
|
||||
# Get alert related files information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves all files related to a specific alert.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related IP information API
|
||||
# Get alert related IP information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves all IPs related to a specific alert.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related machine information API
|
||||
# Get alert related machine information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves all machines related to a specific alert.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related user information API
|
||||
# Get alert related user information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves the user associated to a specific alert.
|
||||
|
||||
|
||||
@ -19,6 +19,7 @@ ms.date: 12/08/2017
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves top recent alerts.
|
||||
|
||||
@ -13,13 +13,15 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain related alerts API
|
||||
# Get domain related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves a collection of alerts related to a given domain address.
|
||||
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain related machines API
|
||||
# Get domain related machines API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves a collection of machines related to a given domain address.
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain statistics API
|
||||
# Get domain statistics API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves the prevalence for the given domain.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file information API
|
||||
# Get file information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file related alerts API
|
||||
# Get file related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of alerts related to a given file hash.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file related machines API
|
||||
# Get file related machines API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of machines related to a given file hash.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file statistics API
|
||||
# Get file statistics API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves the prevalence for the given file.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get FileActions collection API
|
||||
# Get FileActions collection API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Gets collection of actions done on files. Get FileActions collection API supports OData V4 queries.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get FileMachineAction object API
|
||||
# Get FileMachineAction object API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Gets file and machine actions.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get FileMachineActions collection API
|
||||
# Get FileMachineActions collection API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Get collection of file and machine actions. Get FileMachineActions collection API supports OData V4 queries.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get IP related alerts API
|
||||
# Get IP related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of alerts related to a given IP address.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine by ID API
|
||||
# Get machine by ID API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a machine entity by ID.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine log on users API
|
||||
# Get machine log on users API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves a collection of logged on users.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine related alerts API
|
||||
# Get machine related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of alerts related to a given machine ID.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get MachineAction object API
|
||||
# Get MachineAction object API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Get actions done on a machine.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get MachineActions collection API
|
||||
# Get MachineActions collection API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Gets collection of actions done on machines. Get MachineAction collection API supports OData V4 queries.
|
||||
|
||||
|
||||
@ -13,12 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machines API
|
||||
# Get machines API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
Retrieves a collection of recently seen machines.
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get package SAS URI API
|
||||
# Get package SAS URI API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Get a URI that allows downloading of an investigation package.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get user information API
|
||||
# Get user information API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieve a User entity by key (user name or domain\user).
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get user related alerts API
|
||||
# Get user related alerts API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of alerts related to a given user ID.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get user related machines API
|
||||
# Get user related machines API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Retrieves a collection of machines related to a given user ID.
|
||||
|
||||
|
||||
@ -13,9 +13,14 @@ ms.localizationpriority: medium
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Is domain seen in org
|
||||
# Is domain seen in org (deprecated)
|
||||
Answers whether a domain was seen in the organization.
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Is IP seen in org
|
||||
# Is IP seen in org (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Answers whether an IP was seen in the organization.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Isolate machine API
|
||||
# Isolate machine API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Isolates a machine from accessing external network.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Request sample API
|
||||
# Request sample API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage.
|
||||
|
||||
|
||||
@ -13,12 +13,12 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Restrict app execution API
|
||||
# Restrict app execution API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Restrict execution of set of predefined applications.
|
||||
|
||||
|
||||
@ -13,12 +13,12 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Run antivirus scan API
|
||||
# Run antivirus scan API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Initiate Windows Defender Antivirus scan on the machine.
|
||||
|
||||
|
||||
@ -13,12 +13,12 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Stop and quarantine file API
|
||||
# Stop and quarantine file API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Stop execution of a file on a machine and ensure it’s not executed again on that machine.
|
||||
|
||||
|
||||
@ -13,15 +13,14 @@ ms.localizationpriority: medium
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Supported Windows Defender ATP query APIs
|
||||
# Supported Windows Defender ATP query APIs (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink)
|
||||
|
||||
Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
|
||||
|
||||
## In this section
|
||||
@ -37,5 +36,4 @@ User | Run API calls such as get alert related user information, user informatio
|
||||
KbInfo | Run API call that gets list of Windows KB's information
|
||||
CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's
|
||||
MachineSecurityStates | Run API call that gets list of machines with their security properties and versions
|
||||
MachineGroups | Run API call that gets list of machine group definitions
|
||||
|
||||
MachineGroups | Run API call that gets list of machine group definitions
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Unblock file API
|
||||
# Unblock file API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Allow a file to be executed in the organization, using Windows Defender Antivirus.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Release machine from isolation API
|
||||
# Release machine from isolation API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Undo isolation of a machine.
|
||||
|
||||
|
||||
@ -13,13 +13,13 @@ ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Remove app restriction API
|
||||
# Remove app restriction API (deprecated)
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Deprecated information](deprecate.md)]
|
||||
|
||||
Unrestrict execution of set of predefined applications.
|
||||
|
||||
|
||||
@ -0,0 +1,26 @@
|
||||
---
|
||||
title: Use the Windows Defender Advanced Threat Protection APIs
|
||||
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
|
||||
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/23/2017
|
||||
---
|
||||
|
||||
# Use the Windows Defender ATP APIs
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
## In this section
|
||||
Topic | Description
|
||||
:---|:---
|
||||
Create your app | Learn how to create an application to get programmatical access to Windows Defender ATP on behalf of a user or without a user.
|
||||
Supported Windows Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
|
||||
How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell.
|
||||
Loading…
x
Reference in New Issue
Block a user