remove wdatp in links

Joey Caparas 2019-04-10 15:48:58 -07:00
parent f7f39d937e
commit 50e74994ef
40 changed files with 87 additions and 87 deletions

View File

@ -27,14 +27,14 @@ Represents an alert entity in Microsoft Defender ATP.
# Methods
Method|Return Type |Description
:---|:---|:---
[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object.
[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection.
[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[Alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection| List URLs associated with the alert.
[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [File](files-windows-defender-advanced-threat-protection-new.md) collection | List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated with the alert.
[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [Machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [User](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
[List related files](get-alert-related-files-info.md) | [File](files.md) collection | List the [file](files.md) entities that are associated with the [alert](alerts.md).
[List related IPs](get-alert-related-ip-info.md) | IP collection | List IPs that are associated with the alert.
[Get related machines](get-alert-related-machine-info.md) | [Machine](machine.md) | The [machine](machine.md) that is associated with the [alert](alerts.md).
[Get related users](get-alert-related-user-info.md) | [User](user.md) | The [user](user.md) that is associated with the [alert](alerts.md).
# Properties
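Review bot: The "List related domains" row describes itself as "List URLs associated with the alert" while its return type is "Domain collection"; since the row is being rewritten anyway, make the description say domains, or correct the return type if URLs are what the method returns. Also confirm that the shortened targets in this table (get-alert-info-by-id.md, alerts.md, files.md, machine.md, user.md and the rest) exist under those names in the same change set, because the visible hunks only edit link targets and a missed rename leaves a dead link.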
@ -57,7 +57,7 @@ alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was cr
lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
# JSON representation
```

View File

@ -60,7 +60,7 @@ Parameter | Type | Description
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example

View File

@ -69,7 +69,7 @@ category| String | Category of the alert. The property values are: 'None', 'Susp
## Response
If successful, this method returns 200 OK, and a new [alert](alerts-windows-defender-advanced-threat-protection-new.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
If successful, this method returns 200 OK, and a new [alert](alerts.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
## Example

View File

@ -82,7 +82,7 @@ This page explains how to create an AAD application, get an access token to Micr
For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
To determine which permission you need, look at the **Permissions** section in the API you are interested to call.

View File

@ -74,7 +74,7 @@ This page explains how to create an AAD application, get an access token to Micr
For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
![Image of select permissions](images/webapp-select-permission.png)
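Review bot: The last list item, "To determine which permission you need, please look at the **Permissions** section ...", is a bullet under "For instance," but it is an instruction rather than an example, and the sibling page carrying the same passage has it as a separate line without "please". Move it out of the list and align the wording between the two pages; "the API you are interested to call" would also read better as "the API you want to call".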

View File

@ -29,9 +29,9 @@ ms.date: 11/15/2018
### Properties that supports $filter:
- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
- [Alert](alerts.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
- [Machine](machine.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
- [MachineAction](machineaction.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
### Example 1
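Review bot: The heading in the first context line, "Properties that supports $filter:", has a subject-verb mismatch and a trailing colon that none of the other headings visible in this commit use. Suggest "Properties that support $filter" while the list below it is being edited.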

View File

@ -27,10 +27,10 @@ Represent a file entity in Microsoft Defender ATP.
# Methods
Method|Return Type |Description
:---|:---|:---
[Get file](get-file-information-windows-defender-advanced-threat-protection-new.md) | [file](files-windows-defender-advanced-threat-protection-new.md) | Get a single file
[List file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that are associated with the file.
[List file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Get the [machine](machine-windows-defender-advanced-threat-protection-new.md) entities associated with the alert.
[file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md) | Statistics summary | Retrieves the prevalence for the given file.
[Get file](get-file-information.md) | [file](files.md) | Get a single file
[List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file.
[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert.
[file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.
# Properties
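Review bot: The "List file related machines" row ends with "associated with the alert", which looks copied from the alert table; on this page it should read "associated with the file", matching the row above it. The same table also mixes styles ("Get a single file" has no final period, and "file statistics" is the only method name without a verb or a capital), which is cheap to tidy in this pass.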

View File

@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
## Example

View File

@ -64,7 +64,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200 OK, and a list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) objects in the response body.
If successful, this method returns 200 OK, and a list of [alert](alerts.md) objects in the response body.
## Example

View File

@ -61,7 +61,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and domain exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain does not exist - 404 Not Found.
If successful and domain exists - 200 OK with list of [alert](alerts.md) entities. If domain does not exist - 404 Not Found.
## Example

View File

@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and domain exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities. If domain do not exist - 404 Not Found.
If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain do not exist - 404 Not Found.
## Example
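Review bot: The rewritten response line still reads "If domain do not exist", while the alerts-by-domain page changed in this same commit says "If domain does not exist". Fix the verb here, and in the file and IP pages that carry the same "do not exist" wording, so the 404 sentence is identical across the related-entity methods.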

View File

@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and file exists - 200 OK with the [file](files-windows-defender-advanced-threat-protection-new.md) entity in the body. If file does not exist - 404 Not Found.
If successful and file exists - 200 OK with the [file](files.md) entity in the body. If file does not exist - 404 Not Found.
## Example

View File

@ -59,7 +59,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and file exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file do not exist - 404 Not Found.
## Example

View File

@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and file exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file do not exist - 404 Not Found.
## Example

View File

@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and IP exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in the body. If IP do not exist - 404 Not Found.
## Example

View File

@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and IP exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
If successful and IP exists - 200 OK with list of [machine](machine.md) entities in the body. If IP do not exist - 404 Not Found.
## Example

View File

@ -59,7 +59,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machine exists - 200 OK with the [machine](machine-windows-defender-advanced-threat-protection-new.md) entity in the body.
If successful and machine exists - 200 OK with the [machine](machine.md) entity in the body.
If machine with the specified id was not found - 404 Not Found.

View File

@ -55,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machine exist - 200 OK with list of [user](user-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
If successful and machine exist - 200 OK with list of [user](user.md) entities in the body. If machine was not found - 404 Not Found.
## Example

View File

@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machine exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
## Example

View File

@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200, Ok response code with a [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
If successful, this method returns 200, Ok response code with a [Machine Action](machineaction.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
## Example
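Review bot: The status is written "200, Ok response code" on the changed line, whereas most other pages in this commit write "200 OK". Use "200 OK" here and in the machine actions collection page, which has the same wording, so the response codes read and search consistently.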

View File

@ -60,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction.md) entities.
## Example 1

View File

@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and machines exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If no recent machines - 404 Not Found.
If successful and machines exists - 200 OK with list of [machine](machine.md) entities in the body. If no recent machines - 404 Not Found.
## Example
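Review bot: "If successful and machines exists" has a number mismatch on the changed line, and the 404 clause "If no recent machines" does not say which lookup came back empty. Suggest "If successful and machines exist", and name the input in the 404 sentence (the hunk does not show it), as the user page does with "If user does not exist".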

View File

@ -23,7 +23,7 @@ ms.date: 12/08/2017
[!include[Prerelease information](prerelease.md)]
Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).
Get a URI that allows downloading of an [investigation package](collect-investigation-package.md).
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

View File

@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator.md) entities.
>[!Note]
> If the Application has 'Ti.ReadWrite.All' permission, it will be exposed to all Indicators. Otherwise, it will be exposed only to the Indicators it created.

View File

@ -47,7 +47,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and user exists - 200 OK with [user](user-windows-defender-advanced-threat-protection-new.md) entity in the body. If user does not exist - 404 Not Found.
If successful and user exists - 200 OK with [user](user.md) entity in the body. If user does not exist - 404 Not Found.
## Example

View File

@ -60,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
If successful and user exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If user does not exist - 404 Not Found.
If successful and user exists - 200 OK with list of [machine](machine.md) entities in the body. If user does not exist - 404 Not Found.
## Example

View File

@ -67,7 +67,7 @@ IsolationType | String | Type of the isolation. Allowed values are: 'Full' or 'S
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example
@ -109,4 +109,4 @@ Content-type: application/json
```
To unisolate a machine, see [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md).
To unisolate a machine, see [Release machine from isolation](unisolate-machine.md).

View File

@ -83,7 +83,7 @@ You can manage tags from the Actions button or by selecting a machine from the M
![Image of adding tags on a machine](images/atp-tag-management.png)
## Add machine tags using APIs
For more information, see [Add or remove machine tags API](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md).
For more information, see [Add or remove machine tags API](add-or-remove-machine-tags.md).

View File

@ -24,29 +24,29 @@ ms.topic: article
# Methods
Method|Return Type |Description
:---|:---|:---
[List machines](get-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List set of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the org.
[Get machine](get-machine-by-id-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Get a [machine](machine-windows-defender-advanced-threat-protection-new.md) by its identity.
[Get logged on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [User](user-windows-defender-advanced-threat-protection-new.md) that logged on to the [machine](machine-windows-defender-advanced-threat-protection-new.md).
[Get related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that were raised on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
[Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Add or Remove tag to a specific machine.
[Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Find machines seen with IP.
[List machines](get-machines.md) | [machine](machine.md) collection | List set of [machine](machine.md) entities in the org.
[Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity.
[Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md).
[Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md).
[Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine.
[Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP.
# Properties
Property | Type | Description
:---|:---|:---
id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Microsoft Defender ATP.
lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Microsoft Defender ATP.
id | String | [machine](machine.md) identity.
computerDnsName | String | [machine](machine.md) fully qualified name.
firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
osPlatform | String | OS platform.
osVersion | String | OS Version.
lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
agentVersion | String | Version of Microsoft Defender ATP agent.
osBuild | Nullable long | OS build number.
healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
rbacGroupId | Int | RBAC Group ID.
rbacGroupName | String | RBAC Group Name.
riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined).
machineTags | String collection | Set of [machine](machine.md) tags.
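Review bot: In the properties table, the aadDeviceId row writes "AAD Device ID (when machine is Aad Joined)", mixing "AAD" and "Aad" on one line, and the healthStatus row lists its values in double quotes with no final period while riskScore uses single quotes and a period. Normalize both on the lines being touched. "Add or Remove tag to a specific machine" in the methods table also reads better as "Add or remove a tag on a specific machine".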

View File

@ -26,21 +26,21 @@ ms.date: 12/08/2017
Method|Return Type |Description
:---|:---|:---
[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
[Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get a single [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
[Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Collect investigation package from a [machine](machine-windows-defender-advanced-threat-protection-new.md).
[Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get URI for downloading the investigation package.
[Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Isolate [machine](machine-windows-defender-advanced-threat-protection-new.md) from network.
[Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Release [machine](machine-windows-defender-advanced-threat-protection-new.md) from Isolation.
[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Microsoft Defender ATP.
[List MachineActions](get-machineactions-collection.md) | [Machine Action](machineaction.md) | List [Machine Action](machineaction.md) entities.
[Get MachineAction](get-machineaction-object.md) | [Machine Action](machineaction.md) | Get a single [Machine Action](machineaction.md) entity.
[Collect investigation package](collect-investigation-package.md) | [Machine Action](machineaction.md) | Collect investigation package from a [machine](machine.md).
[Get investigation package SAS URI](get-package-sas-uri.md) | [Machine Action](machineaction.md) | Get URI for downloading the investigation package.
[Isolate machine](isolate-machine.md) | [Machine Action](machineaction.md) | Isolate [machine](machine.md) from network.
[Release machine from isolation](unisolate-machine.md) | [Machine Action](machineaction.md) | Release [machine](machine.md) from Isolation.
[Restrict app execution](restrict-code-execution.md) | [Machine Action](machineaction.md) | Restrict application execution.
[Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction.
[Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).
[Offboard machine](offboard-machine-api.md)|[Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP.
# Properties
Property | Type | Description
:---|:---|:---
id | Guid | Identity of the [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
id | Guid | Identity of the [Machine Action](machineaction.md) entity.
type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
requestor | String | Identity of the person that executed the action.
requestorComment | String | Comment that was written when issuing the action.
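Review bot: The "List MachineActions" row gives its return type as "Machine Action", but the list methods in the alert, file and machine tables use collection types (for example "Alert collection"). If this method returns a set, mark it "Machine Action collection". Also check the "Get investigation package SAS URI" row, whose return type is "Machine Action" although its description says it gets a URI.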

View File

@ -59,7 +59,7 @@ Parameter | Type | Description
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example

View File

@ -28,7 +28,7 @@ ms.date: 12/08/2017
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
- Submits or Updates new [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
- Submits or Updates new [Indicator](ti-indicator.md) entity.
## Permissions
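Review bot: "Submits or Updates new Indicator entity" on the changed line is self-contradictory, since an update acts on an existing entity, and it stands alone as a one-item bullet list. Suggest a plain sentence such as "Submits a new Indicator entity or updates an existing one."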
@ -60,7 +60,7 @@ In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
title | String | Indicator alert title. **Optional**
@ -71,7 +71,7 @@ recommendedActions | String | TI indicator alert recommended actions. **Optional
## Response
- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator.md) entity in the response body.
- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit an Indicator that conflicts with an existing Indicator type or Action.
## Example
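Review bot: The failure bullet in the trailing context reads "If not successful: this method return 400", with a verb mismatch and a colon where the success bullet uses a comma. Suggest "If not successful, this method returns 400 - Bad Request or 409 - Conflict with the failure reason" so the two bullets are parallel.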

View File

@ -60,7 +60,7 @@ Parameter | Type | Description
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example
@ -101,5 +101,5 @@ Content-type: application/json
```
To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md).
To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution.md).

View File

@ -62,7 +62,7 @@ Comment | String | Comment to associate with the action. **Required**.
Sha1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example

View File

@ -24,16 +24,16 @@ ms.topic: article
Method|Return Type |Description
:---|:---|:---
[List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
[Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
[List Indicators](get-ti-indicators-collection.md) | [Indicator](ti-indicator.md) Collection | List [Indicator](ti-indicator.md) entities.
[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal:
# Properties
Property | Type | Description
:---|:---|:---
indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity.
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
title | String | Indicator alert title.
creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
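Review bot: the context bullet "- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal:" ends in a colon with nothing following it before "# Properties", and its link text "page" says nothing about the target. Reword it as a complete sentence ending in a period, with link text that names the portal page. Separately, the new targets in this hunk (ti-indicator.md, get-ti-indicators-collection.md, post-ti-indicator.md, delete-ti-indicator-by-id.md) are not shown being renamed in this part of the diff, so please confirm the files exist under the short names in the same commit; otherwise every link edited here breaks.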

View File

@ -61,7 +61,7 @@ Parameter | Type | Description
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example
@ -105,5 +105,5 @@ Content-type: application/json
```
To isolate a machine, see [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
To isolate a machine, see [Isolate machine](isolate-machine.md).

View File

@ -59,7 +59,7 @@ Parameter | Type | Description
Comment | String | Comment to associate with the action. **Required**.
## Response
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
## Example
@ -101,4 +101,4 @@ Content-type: application/json
```
To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md).
To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution.md).

View File

@ -64,7 +64,7 @@ determination | String | Specifies the determination of the alert. The property
## Response
If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
## Example
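Review bot: the edited Response line packs the success and failure cases into one paragraph and ends on a fragment, "If alert with the specified id was not found - 404 Not Found." Split it into two bullets the way the Indicator submit page in this same commit does, and pick one status-code style: this line writes "200 OK" while that page writes "200 - OK".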

View File

@ -27,5 +27,5 @@ ms.date: 11/28/2018
Topic | Description
:---|:---
[Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access to Microsoft Defender ATP Public API and on which context.
[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md).
How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
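Review bot: the last row of this table, "How to use APIs - Samples", is the only topic cell without a link, and its description says "multiple APIs such as PowerShell", which reads as if PowerShell were an API. While the row above it is being edited, link the topic to its samples page and reword to something like "samples in multiple languages such as PowerShell". The first row's "Learn how to access to Microsoft Defender ATP Public API and on which context" needs the same pass ("how to access the ... API and in which context").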

View File

@ -21,7 +21,7 @@ ms.date: 12/08/2017
Method|Return Type |Description
:---|:---|:---
[List User related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List all the alerts that are associated with a [user](user-windows-defender-advanced-threat-protection-new.md).
[List User related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List all the machines that were logged on by a [user](user-windows-defender-advanced-threat-protection-new.md).
[List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection | List all the alerts that are associated with a [user](user.md).
[List User related machines](get-user-related-machines.md) | [machine](machine.md) collection | List all the machines that were logged on by a [user](user.md).
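Review bot: in the second edited row, "List all the machines that were logged on by a user" should read "logged on to by a user", since the user is the one logging on. The link text in both rows is lower-case ("alert", "machine", "user") while other pages in this commit capitalise entity names in link text ("[Machine Action]", "[Indicator]"); pick one convention while these links are being rewritten.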