update from master

2025-07-06 12:43:39 +00:00 · 2017-03-07 15:40:10 -08:00
parent 6992270eb5
commit 4798a947dc
443 changed files with 10307 additions and 3749 deletions
--- a/windows/keep-secure/code/example.ps1
+++ b/windows/keep-secure/code/example.ps1
@ -0,0 +1,52 @@
+$tenantId = '{Your Tenant ID}'
+$clientId = '{Your Client ID}'
+$clientSecret = '{Your Client Secret}'
+
+$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
+
+$tokenPayload = @{
+    "resource"='https://graph.windows.net'
+    "client_id" = $clientId
+    "client_secret" = $clientSecret
+    "grant_type"='client_credentials'}
+
+$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
+$token = $response.access_token
+
+$headers = @{
+    "Content-Type"="application/json"
+    "Accept"="application/json"
+    "Authorization"="Bearer {0}" -f $token }
+
+$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
+
+$alertDefinitions =
+    (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value
+
+$alertDefinitionPayload = @{
+    "Name"= "The alert's name"
+    "Severity"= "Low"
+    "InternalDescription"= "An internal description of the Alert"
+    "Title"= "The Title"
+    "UxDescription"= "Description of the alerts"
+    "RecommendedAction"= "The alert's recommended action"
+    "Category"= "Trojan"
+    "Enabled"= "true"}
+
+$alertDefinition =
+    Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
+        -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
+
+$alertDefinitionId = $alertDefinition.Id
+
+$iocPayload = @{
+    "Type"="Sha1"
+    "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff"
+    "DetectionFunction"="Equals"
+    "Enabled"="true"
+    "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
+
+
+$ioc =
+    Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
+         -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
--- a/windows/keep-secure/code/example.py
+++ b/windows/keep-secure/code/example.py
@ -0,0 +1,53 @@
+import json
+import requests
+from pprint import pprint
+
+tenant_id="{your tenant ID}"
+client_id="{your client ID}"
+client_secret="{your client secret}"
+
+auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id)
+
+payload = {"resource": "https://graph.windows.net",
+           "client_id": client_id,
+           "client_secret": client_secret,
+           "grant_type": "client_credentials"}
+
+response = requests.post(auth_url, payload)
+token = json.loads(response.text)["access_token"]
+
+with requests.Session() as session:
+    session.headers = {
+        'Authorization': 'Bearer {}'.format(token),
+        'Content-Type': 'application/json',
+        'Accept': 'application/json'}
+
+    response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions")
+    pprint(json.loads(response.text))
+
+    alert_definition = {"Name": "The alert's name",
+                        "Severity": "Low",
+                        "InternalDescription": "An internal description of the alert",
+                        "Title": "The Title",
+                        "UxDescription": "Description of the alerts",
+                        "RecommendedAction": "The alert's recommended action",
+                        "Category": "Trojan",
+                        "Enabled": True}
+
+    response = session.post(
+        "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions",
+        json=alert_definition)
+
+    alert_definition_id = json.loads(response.text)["Id"]
+
+    ioc = {'Type': "Sha1",
+           'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff",
+           'DetectionFunction': "Equals",
+           'Enabled': True,
+           "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)}
+
+    response = session.post(
+        "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise",
+        json=ioc)
+
+    pprint(json.loads(response.text))