finish update alerts

2025-06-23 22:33:41 +00:00 · 2020-01-05 23:51:01 +02:00
parent 9c47ddf6e1
commit 4985886e24
9 changed files with 105 additions and 84 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@ -22,6 +22,7 @@ ms.topic: article
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Creates new [Alert](alerts.md).
 <br>Microsoft Defender ATP Event is a required parameter for the alert creation.
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert information by ID API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves specific [Alert](alerts.md) by its ID.
 ## Limitations
 1. You can get alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves an alert by its ID.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -56,46 +64,3 @@ Empty
 ## Response
 If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
 ## Example
 **Request**
 Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
 GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
 ```
 **Response**
 Here is an example of the response.
 ```
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "id": "441688558380765161_2136280442",
 	"incidentId": 8633,
 	"assignedTo": "secop@contoso.com",
 	"severity": "Low",
 	"status": "InProgress",
 	"classification": "TruePositive",
 	"determination": "Malware",
 	"investigationState": "Running",
 	"category": "MalwareDownload",
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 	"description": "Some description",
 	"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-25T16:18:01.809871Z",
 	"resolvedTime": null,
 	"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@ -18,12 +18,20 @@ ms.topic: article
 # Get alert related domain information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all domains related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,7 +87,11 @@ Content-type: application/json
    "value": [
        {
            "host": "www.example.com"
        },
 		{
            "host": "www.example2.com"
        }
 		...
    ]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@ -18,12 +18,20 @@ ms.topic: article
 # Get alert related files information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all files related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,23 +87,25 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
    "value": [
        {
-            "sha1": "654f19c41d9662cf86be21bf0af5a88c38c56a9d",
+            "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",
-            "sha256": "2f905feec2798cee6f63da2c26758d86bfeaab954c01e20ac7085bf55fedde87",
+            "sha256": "dcd71ef5fff4362a9f64cf3f96f14f2b11d6f428f3badbedcb9ff3361e7079aa",
-            "md5": "82849dc81d94056224445ea73dc6153a",
+            "md5": "8d5b7cc9a832e21d22503057e1fec8e9",
-            "globalPrevalence": 33,
+            "globalPrevalence": 29,
-            "globalFirstObserved": "2018-07-17T18:17:27.5909748Z",
+            "globalFirstObserved": "2019-03-23T23:54:06.0135204Z",
-            "globalLastObserved": "2018-08-06T16:07:12.9414137Z",
+            "globalLastObserved": "2019-04-23T00:43:20.0489831Z",
-            "windowsDefenderAVThreatName": null,
+            "size": 113984,
-            "size": 801112,
+            "fileType": null,
            "fileType": "PortableExecutable",
            "isPeFile": true,
-            "filePublisher": null,
+            "filePublisher": "Microsoft Corporation",
-            "fileProductName": null,
+            "fileProductName": "Microsoft<66> Windows<77> Operating System",
-            "signer": "Microsoft Windows",
+            "signer": "Microsoft Corporation",
-            "issuer": "Microsoft Development PCA 2014",
+            "issuer": "Microsoft Code Signing PCA",
-            "signerHash": "9e284231a4d1c53fc8d4492b09f65116bf97447f",
+            "signerHash": "9dc17888b5cfad98b3cb35c1994e96227f061675",
-            "isValidCertificate": true
+            "isValidCertificate": true,
            "determinationType": "Unknown",
            "determinationValue": null
        }
 		...
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@ -16,14 +16,22 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
-# Get alert related IP information API
+# Get alert related IPs information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all IPs related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,6 +93,7 @@ Content-type: application/json
 				{
 					"id": "23.203.232.228	
 				}
 				...
 	]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert related machine information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves [Machine](machine.md) related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves machine that is related to a specific alert.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,15 +93,16 @@ Content-type: application/json
    "firstSeen": "2018-08-02T14:55:03.7791856Z",
 	"lastSeen": "2018-08-02T14:55:03.7791856Z",
    "osPlatform": "Windows10",
-    "osVersion": "10.0.0.0",
+    "version": null,
 	"osProcessor": "x64",
    "lastIpAddress": "172.17.230.209",
    "lastExternalIpAddress": "167.220.196.71",
    "agentVersion": "10.5830.18209.1001",
    "osBuild": 18209,
    "healthStatus": "Active",
    "rbacGroupId": 140,
 	"rbacGroupName": "The-A-Team",
    "riskScore": "Low",
 	"exposureLevel": "Medium",
 	"isAadJoined": true,
    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 	"machineTags": [ "test tag 1", "test tag 2" ]
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert related user information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves the User related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves the user associated to a specific alert.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -80,13 +88,16 @@ Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
    "id": "contoso\\user1",
-    "firstSeen": "2018-08-02T00:00:00Z",
+    "accountName": "user1",
-    "lastSeen": "2018-08-04T00:00:00Z",
+    "accountDomain": "contoso",
-    "mostPrevalentMachineId": null,
+    "accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
-    "leastPrevalentMachineId": null,
+    "firstSeen": "2019-12-08T06:33:39Z",
    "lastSeen": "2020-01-05T06:58:34Z",
    "mostPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
    "leastPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
    "logonTypes": "Network",
-    "logOnMachinesCount": 3,
+    "logOnMachinesCount": 1,
    "isDomainAdmin": false,
-    "isOnlyNetworkUser": null
+    "isOnlyNetworkUser": false
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@ -22,6 +22,7 @@ ms.topic: article
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of Alerts.
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
@ -123,6 +124,7 @@ Here is an example of the response.
 				}
 			]
 		}
 		...
 	]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@ -18,9 +18,10 @@ ms.topic: article
 # Update alert
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 ## API description
 Updates properties of existing [Alert](alerts.md).
@ -32,6 +33,7 @@ Updates properties of existing [Alert](alerts.md).
 1. You can update alerts that available in the API. See [List Alerts](get-alerts.md) for more information.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)