From 461ac2fa0812738c0ca3a3602f0291919f5e3f4f Mon Sep 17 00:00:00 2001
From: Joey Caparas
Date: Wed, 20 Jun 2018 15:28:16 -0700
Subject: [PATCH] update API, add new topic, update toc
---
 .../windows-defender-atp/TOC.md | 1 +
 ...ows-defender-advanced-threat-protection.md | 80 +++++++++++++++++++
 ...ows-defender-advanced-threat-protection.md | 15 ++--
 3 files changed, 89 insertions(+), 7 deletions(-)
 create mode 100644 windows/security/threat-protection/windows-defender-atp/find-machine-info-by-fqdn-windows-defender-advanced-threat-protection.md
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index a8defba7ee..66e5384064 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -130,6 +130,7 @@
 #####Machines
 ###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
 ###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+###### [Find machine information by FQDN](find-machine-info-by-fqdn-windows-defender-advanced-threat-protection.md)
 ###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
 ###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
 ###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-fqdn-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-fqdn-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..341de552f7
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-fqdn-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,80 @@
+---
+title: Find machine information by interal FQDN API
+description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN.
+keywords: frdn, apis, graph api, supported apis, find machine, machine information
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 06/20/2018
+---
+
+# Find machine information by interal FQDN API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Find a machine entity around a specific timestamp by FQDN.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machines/find(timestamp={time},key={FQDN})
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+
+## Request body
+Empty
+
+## Response
+If successful and machine exists - 200 OK.
+If no machine found - 404 Not Found.
+
+
+## Example
+
+Request
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='https://contoso.com')
+Content-type: application/json
+```
+
+Response
+
+Here is an example of the response.
+
+The response will return a list of all machines that reported this FQDN address within sixteen minutes prior and after the timestamp.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
+ "value": [
+ {
+ "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb",
+ "computerDnsName": "",
+ "firstSeen": "2018-06-19T01:25:04.9480498Z",
+ "osPlatform": "Windows10",
+…
+}
+```
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
index c654298268..6c0b695ea8 100644
--- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Find machine information by interal IP API
-description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or interal IP.
-keywords: apis, graph api, supported apis, find machine, machine information, IP
+description: Use this API to create calls related to finding a machine entry around a specific timestamp by interal IP.
+keywords: ip, apis, graph api, supported apis, find machine, machine information
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 12/08/2017 +ms.date: 06/20/2018 --- # Find machine information by interal IP API
@@ -21,14 +21,14 @@ ms.date: 12/08/2017 [!include[Prerelease information](prerelease.md)] -Find a machine entity around a specific timestamp by FQDN or internal IP. +Find a machine entity around a specific timestamp by internal IP. ## Permissions User needs read permissions. ## HTTP request ``` -GET /testwdatppreview/machines/find(timestamp={time},key={IP/FQDN}) +GET /testwdatppreview/machines/find(timestamp={time},key={IP}) ``` ## Request headers
@@ -54,7 +54,7 @@ Request Here is an example of the request. ``` -GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp={time},key={IP/FQDN}) +GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.0.0.0') Content-type: application/json ```
@@ -62,6 +62,7 @@ Response Here is an example of the response. +The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp. ``` HTTP/1.1 200 OK
@@ -72,7 +73,7 @@ Content-type: application/json { "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb", "computerDnsName": "", - "firstSeen": "2017-07-06T01:25:04.9480498Z", + "firstSeen": "2018-06-19T01:25:04.9480498Z", "osPlatform": "Windows10", … }