deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 21:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

5

Browse Source
This commit is contained in:
Ben Alfasi 2019-11-06 17:37:58 +02:00
parent f1bf57df62
commit 4fa86409a4
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
View File

@ -18,11 +18,11 @@ ms.topic: article
# Create alert from event API # Create alert from event API
**Applies to:** **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity. Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert.
## Permissions ## Permissions
@ -64,7 +64,7 @@ description | String | Description of the alert. **Required**.
recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. **Required**. recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. **Required**.
eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. **Required**. eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. **Required**.
reportId | String | The reportId, as obtained from the advanced query. **Required**. reportId | String | The reportId, as obtained from the advanced query. **Required**.
category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'. category| String | Category of the alert. The property values are: "General", "CommandAndControl", "Collection", "CredentialAccess", "DefenseEvasion", "Discovery", "Exfiltration", "Exploit", "Execution", "InitialAccess", "LateralMovement", "Malware", "Persistence", "PrivilegeEscalation", "Ransomware", "SuspiciousActivity" **Required**.
## Response ## Response

5
windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
View File

@ -74,12 +74,13 @@ If successful, this method returns 200 OK, and a list of [alert](alerts.md) obje
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/alerts GET https://api.securitycenter.windows.com/api/alerts
``` ```
[!include[Improve request performance](improve-request-performance.md)]
**Response** **Response**
Here is an example of the response. Here is an example of the response.