From 3965fd992c839d3f1317e8165d44b5bc240881e1 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 17:06:44 +0200
Subject: [PATCH 1/9] s
---
 .../windows-defender-atp/exposed-apis-list.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
index d8edf97d46..31a700d1dc 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
@@ -22,6 +22,25 @@ ms.date: 30/07/2018
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink)
+## End Point URI and Versioning
+
+### End Point URI:
+
+> The service base URI is: https://api.securitycenter.windows.com
+
+> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts
+
+### Versioning:
+
+> The API supports versioning.
+
+> The current version is **V1.0**.
+
+> To use a specific version use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts
+
+> If you dont specify any version ( without /v1.0/ ) you will get to the latest version.
+
+
 Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
 ## In this section
From fb57c43f1ea6da267525a9f0a223f4e9d84c7eff Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 18:14:15 +0200
Subject: [PATCH 2/9] s
---
 .../exposed-apis-odata-samples.md | 146 ++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
new file mode 100644
index 0000000000..0f80a2b138
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -0,0 +1,146 @@
+---
+title: OData queries with Windows Defender ATP
+description: OData queries with Windows Defender ATP
+keywords: apis, supported apis, odata, query
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 09/24/2018
+---
+
+# OData queries with Windows Defender ATP
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+If you are not familliar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/)
+
+** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries.**
+** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter.**
+
+### Example 1
+
+**Get top 100 machines with 'HealthStatus' not equals to 'Active'**
+
+```
+HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+ "value": [
+ {
+ "id": "e3a77eeddb83d581238792387b1239b01286b2f",
+ "computerDnsName": "examples.dev.corp.microsoft.com",
+ "firstSeen": "2016-11-02T23:26:03.7882168Z",
+ "lastSeen": "2018-11-12T10:27:08.708723Z",
+ "osPlatform": "Windows10",
+ "osVersion": "10.0.0.0",
+ "lastIpAddress": "123.123.10.33",
+ "lastExternalIpAddress": "124.124.160.172",
+ "agentVersion": "10.6300.18279.1001",
+ "osBuild": 18279,
+ "healthStatus": "ImpairedCommunication",
+ "isAadJoined": true,
+ "machineTags": [],
+ "rbacGroupId": 5,
+ "rbacGroupName": "North",
+ "riskScore": "Medium",
+ "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
+ },
+ .
+ .
+ .
+ ]
+}
+```
+
+### Example 2
+
+**Get all the machines that last seen after 2018-10-20**
+
+```
+HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-10-20Z
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+ "value": [
+ {
+ "id": "83123465ffceca4a731234e5dcde3357e026e873",
+ "computerDnsName": "k0107-vm10",
+ "firstSeen": "2018-11-12T16:07:50.1706168Z",
+ "lastSeen": "2018-11-12T16:07:50.1706168Z",
+ "osPlatform": "WindowsServer2019",
+ "osVersion": null,
+ "lastIpAddress": "10.123.72.35",
+ "lastExternalIpAddress": "123.220.2.3",
+ "agentVersion": "10.6300.18281.1000",
+ "osBuild": 18281,
+ "healthStatus": "Active",
+ "isAadJoined": false,
+ "machineTags": [],
+ "rbacGroupId": 4,
+ "rbacGroupName": "East",
+ "riskScore": "None",
+ "aadDeviceId": null
+ },
+ .
+ .
+ .
+ ]
+}
+```
+
+### Example 2
+
+**Get all the anti virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP**
+
+```
+HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
+ "value": [
+ {
+ "id": "5c3e3322-d993-1234-986b-dfb136ebc8c5",
+ "type": "RunAntiVirusScan",
+ "requestor": "Analyst@examples.onmicrosoft.com",
+ "requestorComment": "1533",
+ "status": "Succeeded",
+ "machineId": "123321c10e44a82877af76b1d0161a17843f688a",
+ "creationDateTimeUtc": "2018-11-12T13:33:24.5755657Z",
+ "lastUpdateDateTimeUtc": "2018-11-12T13:34:32.0319826Z",
+ "relatedFileInfo": null
+ },
+ .
+ .
+ .
+ ]
+}
+```
+
+## Related topic
+- [Windows Defender ATP APIs](apis-intro.md)
From f43a23e29a0d6bae8b1e406ab13bb2c13943a215 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 18:17:01 +0200
Subject: [PATCH 3/9] s
---
 windows/security/threat-protection/TOC.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index ba67fd3160..a621eece20 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -306,6 +306,7 @@
 ######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
 ####### Multiple APIs
 ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
+####### [Using OData Queries](exposed-apis-odata-samples.md)
 ##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
 ###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
From 1eb13f7bf75f6b0c840f34312da5b78cf8c20b92 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 18:25:26 +0200
Subject: [PATCH 4/9] s
---
 windows/security/threat-protection/TOC.md | 2 +-
 .../windows-defender-atp/exposed-apis-list.md | 2 +-
 .../windows-defender-atp/exposed-apis-odata-samples.md | 2 +-
 ...-alerts-windows-defender-advanced-threat-protection-new.md | 4 +++-
 4 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index a621eece20..b298869bff 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -306,7 +306,7 @@
 ######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
 ####### Multiple APIs
 ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
-####### [Using OData Queries](exposed-apis-odata-samples.md)
+####### [Using OData Queries](exposed-apis-odata-samples.)
 ##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
 ###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
index 31a700d1dc..c2822f4178 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
@@ -38,7 +38,7 @@ ms.date: 30/07/2018
 > To use a specific version use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts
-> If you dont specify any version ( without /v1.0/ ) you will get to the latest version.
+> If you don't specify any version ( without /v1.0/ ) you will get to the latest version.
 Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
index 0f80a2b138..940cb92430 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -19,7 +19,7 @@ ms.date: 09/24/2018
 [!include[Prerelease information](prerelease.md)]
-If you are not familliar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/)
+If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/)
 ** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries.**
 ** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter.**
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
index 2ff5212e4b..e109d17851 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -41,6 +41,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 GET /api/users/{id}/alerts
 ```
+**Note that the id is not the Full UPN, its only the user name. For example, for user1@contoso.com you will need to send /api/users/user1/alerts**
+
 ## Request headers
 Name | Type | Description
@@ -64,7 +66,7 @@ Here is an example of the request.
 [!include[Improve request performance](improverequestperformance-new.md)]
 ```
-GET https://api.securitycenter.windows.com/api/users/user1@contoso.com/alerts
+GET https://api.securitycenter.windows.com/api/users/user1/alerts
 ```
 **Response**
From dfb70cafbd9e968c90dac7be9cac3e7829350c69 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 18:27:23 +0200
Subject: [PATCH 5/9] s
---
 windows/security/threat-protection/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index b298869bff..a621eece20 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -306,7 +306,7 @@
 ######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
 ####### Multiple APIs
 ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
-####### [Using OData Queries](exposed-apis-odata-samples.)
+####### [Using OData Queries](exposed-apis-odata-samples.md)
 ##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
 ###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
From 22e6d5ec91d3d90c3f0f86acb85f273c1f204719 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 18:56:24 +0200
Subject: [PATCH 6/9] s
---
 windows/security/threat-protection/TOC.md | 2 +-
 .../security/threat-protection/windows-defender-atp/TOC.md | 1 +
 .../windows-defender-atp/exposed-apis-list.md | 2 +-
 ...chines-windows-defender-advanced-threat-protection-new.md | 5 ++++-
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index a621eece20..1a627ddd6d 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -306,7 +306,7 @@
 ######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
 ####### Multiple APIs
 ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
-####### [Using OData Queries](exposed-apis-odata-samples.md)
+####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md)
 ##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
 ###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index 1238a4b2af..f1eaae8d85 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -306,6 +306,7 @@
 ####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
 ###### Multiple APIs
 ####### [PowerShell](exposed-apis-full-sample-powershell.md)
+###### [Using OData Queries](exposed-apis-odata-samples.md)
 #### [Use the Windows Defender ATP exposed APIs (deprecated)](exposed-apis-windows-defender-advanced-threat-protection.md)
 ##### [Supported Windows Defender ATP APIs (deprecated)](supported-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
index c2822f4178..aaf42956c2 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
@@ -36,7 +36,7 @@ ms.date: 30/07/2018
 > The current version is **V1.0**.
-> To use a specific version use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts
+> To use a specific version, use this format: https://api.securitycenter.windows.com/api/{Version}. For example: https://api.securitycenter.windows.com/api/v1.0/alerts
 > If you don't specify any version ( without /v1.0/ ) you will get to the latest version.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
index 53e0047b39..35a87d200a 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -41,6 +41,9 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 GET /api/users/{id}/machines
 ```
+**Note that the id is not the Full UPN, its only the user name. For example, for user1@contoso.com you will need to send /api/users/user1/machines**
+
+
 ## Request headers
 Name | Type | Description
@@ -64,7 +67,7 @@ Here is an example of the request.
 [!include[Improve request performance](improverequestperformance-new.md)]
 ```
-GET https://api.securitycenter.windows.com/api/users/user1@contoso.com/machines
+GET https://api.securitycenter.windows.com/api/users/user1/machines
 ```
 **Response**
From abc402b107f32aea6e259303716016f155ee5fa2 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 19:02:00 +0200
Subject: [PATCH 7/9] s
---
 .../windows-defender-atp/exposed-apis-odata-samples.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
index 940cb92430..a13bd1415e 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -19,10 +19,10 @@ ms.date: 09/24/2018
 [!include[Prerelease information](prerelease.md)]
-If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/)
+> If you are not familiar with OData queries, please see: [OData V4 queries](https://www.odata.org/documentation/)
-** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries.**
-** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter.**
+> ** Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries.**
+> ** [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter.**
 ### Example 1
@@ -108,9 +108,9 @@ Content-type: application/json
 }
 ```
-### Example 2
+### Example 3
-**Get all the anti virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP**
+**Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP**
 ```
 HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
From 60e1b1d178ccf013eb2e255130466bd80f326360 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 19:07:04 +0200
Subject: [PATCH 8/9] s
---
 .../exposed-apis-odata-samples.md | 56 ++++++++++++++++---
 1 file changed, 49 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
index a13bd1415e..a7384d989f 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -26,10 +26,10 @@ ms.date: 09/24/2018
 ### Example 1
-**Get top 100 machines with 'HealthStatus' not equals to 'Active'**
+**Get all the machines with 'High' 'RiskScore'**
 ```
-HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
+HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore eq 'High'
 ```
 **Response:**
@@ -56,7 +56,7 @@ Content-type: application/json
 "machineTags": [],
 "rbacGroupId": 5,
 "rbacGroupName": "North",
- "riskScore": "Medium",
+ "riskScore": "High",
 "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
 },
 .
@@ -68,6 +68,48 @@ Content-type: application/json
 ### Example 2
+**Get top 100 machines with 'HealthStatus' not equals to 'Active'**
+
+```
+HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+ "value": [
+ {
+ "id": "1113333ddb83d581238792387b1239b01286b2f",
+ "computerDnsName": "examples.dev.corp.microsoft.com",
+ "firstSeen": "2016-11-02T23:26:03.7882168Z",
+ "lastSeen": "2018-11-12T10:27:08.708723Z",
+ "osPlatform": "Windows10",
+ "osVersion": "10.0.0.0",
+ "lastIpAddress": "123.123.10.33",
+ "lastExternalIpAddress": "124.124.160.172",
+ "agentVersion": "10.6300.18279.1001",
+ "osBuild": 18279,
+ "healthStatus": "ImpairedCommunication",
+ "isAadJoined": true,
+ "machineTags": [],
+ "rbacGroupId": 5,
+ "rbacGroupName": "North",
+ "riskScore": "Medium",
+ "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
+ },
+ .
+ .
+ .
+ ]
+}
+```
+
+### Example 3
+
 **Get all the machines that last seen after 2018-10-20**
 ```
@@ -83,8 +125,8 @@ Content-type: application/json
 "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
 "value": [
 {
- "id": "83123465ffceca4a731234e5dcde3357e026e873",
- "computerDnsName": "k0107-vm10",
+ "id": "83113465ffceca4a731234e5dcde3357e026e873",
+ "computerDnsName": "examples-vm10",
 "firstSeen": "2018-11-12T16:07:50.1706168Z",
 "lastSeen": "2018-11-12T16:07:50.1706168Z",
 "osPlatform": "WindowsServer2019",
@@ -108,7 +150,7 @@ Content-type: application/json
 }
 ```
-### Example 3
+### Example 4
 **Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using WDATP**
@@ -125,7 +167,7 @@ Content-type: application/json
 "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
 "value": [
 {
- "id": "5c3e3322-d993-1234-986b-dfb136ebc8c5",
+ "id": "5c3e3322-d993-1234-1111-dfb136ebc8c5",
 "type": "RunAntiVirusScan",
 "requestor": "Analyst@examples.onmicrosoft.com",
 "requestorComment": "1533",
From 4de5a6c4afde5df0bc0e728d697943f699e6f764 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Mon, 12 Nov 2018 19:29:52 +0200
Subject: [PATCH 9/9] s
---
 windows/security/threat-protection/TOC.md | 6 ------
 .../security/threat-protection/windows-defender-atp/TOC.md | 5 -----
 2 files changed, 11 deletions(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 1a627ddd6d..52a4a8c499 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -292,12 +292,6 @@
 ######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### Windows updates (KB) info
-######## [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
-####### Common Vulnerabilities and Exposures (CVE) to KB map
-######## [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
-
-
 ###### How to use APIs - Samples
 ####### Advanced Hunting API
 ######## [Schedule advanced Hunting using Microsoft Flow](windows-defender-atp/run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index f1eaae8d85..08e1ecbe5a 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -293,11 +293,6 @@
 ####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
 ####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
-###### Windows updates (KB) info
-####### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
-###### Common Vulnerabilities and Exposures (CVE) to KB map
-####### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
-
 ##### How to use APIs - Samples
 ###### Advanced Hunting API
 ####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)