From 361c67dbc705518fde10d8c9bc5f764d42311538 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 3 Jun 2020 15:31:41 -0700 Subject: [PATCH] Minor updates --- .../microsoft-defender-atp/api-portal-mapping.md | 3 ++- .../threat-protection/microsoft-defender-atp/apis-intro.md | 4 ++-- .../exposed-apis-create-app-nativeapp.md | 2 +- .../exposed-apis-create-app-partners.md | 2 +- .../microsoft-defender-atp/exposed-apis-create-app-webapp.md | 2 +- .../threat-protection/microsoft-defender-atp/files.md | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 33a0dd182a..6139c4802e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -28,8 +28,9 @@ ms.topic: article Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center. >[!Note] ->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections +>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details. +>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). ## Detections API fields and portal mapping The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index fcb5d20e0b..c837df60ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -43,7 +43,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User Steps that need to be taken to access Microsoft Defender ATP API with application context: 1. Create an AAD Web-Application. - 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Devices'. + 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. 3. Create a key for this Application. 4. Get token using the application with its key. 5. Use the token to access Microsoft Defender ATP API @@ -56,7 +56,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User Steps that needs to be taken to access Microsoft Defender ATP API with application context: 1. Create AAD Native-Application. - 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Devices' etc. + 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 3. Get token using the application with user credentials. 4. Use the token to access Microsoft Defender ATP API diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 15146d95af..8bdf15c60a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md 
@@ -77,7 +77,7 @@ This page explains how to create an AAD application, get an access token to Micr For instance, - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a device](isolate-machine.md), select 'Isolate device' permission + - To [isolate a device](isolate-machine.md), select 'Isolate machine' permission - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - Click **Grant consent** diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index da03fac023..53f48b4a51 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -68,7 +68,7 @@ The following steps with guide you how to create an AAD application, get an acce - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a device](isolate-machine.md), select 'Isolate device' permission + - To [isolate a device](isolate-machine.md), select 'Isolate machine' permission In the following example we will use **'Read all alerts'** permission: diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index a41c006894..be3db97ab4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md 
@@ -58,7 +58,7 @@ This article explains how to create an Azure AD application, get an access token Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance: - To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission. - - To [isolate a device](isolate-machine.md), select the 'Isolate device' permission. + - To [isolate a device](isolate-machine.md), select the 'Isolate machine' permission. - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. 5. Select **Grant consent**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index afa24af464..5ef6fc7ec4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -29,7 +29,7 @@ Method|Return Type |Description :---|:---|:--- [Get file](get-file-information.md) | [file](files.md) | Get a single file [List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file. -[List file related devices](get-file-related-machines.md) | [machine](machine.md) collection | Get the [device](machine.md) entities associated with the alert. +[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert. [file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.
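Review bot: In the api-portal-mapping.md hunk (@@ -28,8 +28,9), the added note bullet has a subject-verb mismatch: "The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list" should read "and contains a detailed list". While touching this note, the unchanged bullet "is composed from the suspicious event occurred on the Device" could be reworded to "the suspicious event that occurred on the device" so that all three bullets read cleanly.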
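Review bot: In the first apis-intro.md hunk (@@ -43,7 +43,7), step 2 now quotes the permission as 'Isolate Machines', while the nativeapp, partners and webapp files changed in this same patch quote it as 'Isolate machine'. A reader assigning permissions to an application needs the exact label shown in the permission picker, so use one spelling across all of the files (singular or plural, and one capitalization), and state in the commit message why the name is going back from "Devices" to "Machines", since "Minor updates" does not say.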
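Review bot: In the second apis-intro.md hunk (@@ -56,7 +56,7), the context line introducing the list says "Steps that needs to be taken to access Microsoft Defender ATP API with application context", but the steps that follow create an AAD Native-Application and "Get token using the application with user credentials", which is the user-context flow. This looks like a copy of the heading from the previous list; suggest "Steps that need to be taken to access Microsoft Defender ATP API with user context". The changed line also keeps "e.g ... etc." where the first hunk uses "for example, ..."; aligning the two lists would be a small extra cleanup.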
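Review bot: In the exposed-apis-create-app-nativeapp.md hunk (@@ -77,7 +77,7), the changed bullet now mixes two terms in one sentence: the link text says "isolate a device" and the permission is quoted as 'Isolate machine'. If the permission label is intentionally different from the documentation's terminology, say so in the bullet so readers do not go looking for an 'Isolate device' entry. The bullet also lacks the article and closing period that the equivalent line in exposed-apis-create-app-webapp.md has ("select the 'Isolate machine' permission.").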
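Review bot: In the exposed-apis-create-app-partners.md hunk (@@ -68,7 +68,7), the section text carried in the hunk header reads "The following steps with guide you how to create an AAD application", where "with" should be "will". Since this patch already edits the file for wording, fix that sentence in the same change, and bring the changed bullet in line with the webapp version ("select the 'Isolate machine' permission.").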
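Review bot: In the files.md hunk (@@ -29,7 +29,7), the description on the changed row says "Get the [machine](machine.md) entities associated with the alert", but this is the file resource's method table and the method is "List file related machines", so the entities are associated with the file, not the alert. The row directly above it gets this right ("associated with the file."). Suggest "Get the [machine](machine.md) entities associated with the file." and adding the closing period to match the neighbouring rows.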