Ben Alfasi
2020-01-05 22:49:09 +02:00
parent 59edc037a4
commit 4e7fa706c4
2 changed files with 14 additions and 5 deletions


@ -16,13 +16,23 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Create alert from event API
# Create alert API
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert.
## API description
Creates new MDATP [Alert](alerts.md).
<br>MDATP Event is a required parameter for the alert creation.
<br>You can use an event found in Advanced Hunting API or Portal.
<br>If there is an open alert on the same Machine with the same Title, the alerts will be merged to one.
<br>An automatic investigation starts automatically on alerts created via the API.
## Limitations
1. Rate limitations of this API are 15 calls per minute.
## Permissions
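Review bot: In the API description, "An automatic investigation starts automatically on alerts created via the API" repeats itself; "An automatic investigation starts on alerts created via the API" says the same thing. In the same block, "merged to one" should read "merged into one", and the merge sentence should say what the caller receives when the request is folded into an existing open alert, since a client cannot tell from this text whether a new alert was created. The description uses "MDATP" where the "Applies to" line spells out "Microsoft Defender ATP"; use one form. Under Limitations, a one-item numbered list can be a plain sentence, and it would help to document how the API responds once the 15 calls per minute limit is exceeded.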


@ -23,7 +23,6 @@ ms.topic: article
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of Alerts.
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's ```$filter``` query is supported on: "alertCreationTime", "incidentId", "InvestigationId", "status", "severity" and "category".
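Review bot: In the $filter line, the property names are cased inconsistently: "InvestigationId" starts with a capital letter while "alertCreationTime" and "incidentId" are camelCase. Check each name against the Alert entity's actual property names and use that exact casing, because readers will copy these strings straight into queries. The same line wraps $filter in triple backticks; single backticks are the usual inline-code form and render more predictably.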
@ -32,8 +31,8 @@ Retrieves a collection of Alerts.
## Limitations
1. You can get alerts last updated in the past 30 days.
2. The maximum page size is 10,000.
3. The rate limitations of this API is 100 calls per minute and 1500 calls per hour.
2. Maximum page size is 10,000.
3. Rate limitations of this API are 100 calls per minute and 1500 calls per hour.
## Permissions
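Review bot: In the Limitations list, the reworded items 2 and 3 read as fragments ("Maximum page size is 10,000.", "Rate limitations of this API are 100 calls per minute and 1500 calls per hour.") while item 1 is still a full sentence ("You can get alerts last updated in the past 30 days."); keep one style across the list. Number formatting also differs within the list: "10,000" uses a thousands separator and "1500" does not.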