deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Minor updates

Browse Source
This commit is contained in:
ManikaDhiman 2020-06-03 15:31:41 -07:00
parent 2cc555c5b4
commit 361c67dbc7
6 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
View File

@ -28,8 +28,9 @@ ms.topic: article
Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center.
>[!Note]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
>- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details.
>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
## Detections API fields and portal mapping
The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.

4
windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
View File

@ -43,7 +43,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
Steps that need to be taken to access Microsoft Defender ATP API with application context:
1. Create an AAD Web-Application.
2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Devices'.
2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.
3. Create a key for this Application.
4. Get token using the application with its key.
5. Use the token to access Microsoft Defender ATP API
@ -56,7 +56,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
Steps that needs to be taken to access Microsoft Defender ATP API with application context:
1. Create AAD Native-Application.
2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Devices' etc.
2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc.
3. Get token using the application with user credentials.
4. Use the token to access Microsoft Defender ATP API

2
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
View File

@ -77,7 +77,7 @@ This page explains how to create an AAD application, get an access token to Micr
For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a device](isolate-machine.md), select 'Isolate device' permission
- To [isolate a device](isolate-machine.md), select 'Isolate machine' permission
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
- Click **Grant consent**

2
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
View File

@ -68,7 +68,7 @@ The following steps with guide you how to create an AAD application, get an acce
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a device](isolate-machine.md), select 'Isolate device' permission
- To [isolate a device](isolate-machine.md), select 'Isolate machine' permission
In the following example we will use **'Read all alerts'** permission:

2
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
View File

@ -58,7 +58,7 @@ This article explains how to create an Azure AD application, get an access token
Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance:
- To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission.
- To [isolate a device](isolate-machine.md), select the 'Isolate device' permission.
- To [isolate a device](isolate-machine.md), select the 'Isolate machine' permission.
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
5. Select **Grant consent**.

2
windows/security/threat-protection/microsoft-defender-atp/files.md
View File

@ -29,7 +29,7 @@ Method|Return Type |Description
:---|:---|:---
[Get file](get-file-information.md) | [file](files.md) | Get a single file
[List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file.
[List file related devices](get-file-related-machines.md) | [machine](machine.md) collection | Get the [device](machine.md) entities associated with the alert.
[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert.
[file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.