deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #1067 from MicrosoftDocs/indicator-links

Browse Source 
Indicator links
This commit is contained in:
Dani Halfin 2019-09-09 15:22:02 -07:00 committed by GitHub
commit 541ac64d7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -1336,6 +1336,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
"redirect_document_id": true "redirect_document_id": true

1
windows/security/threat-protection/TOC.md
View File

@ -429,7 +429,6 @@
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [API for custom alerts (Deprecated)]() #### [API for custom alerts (Deprecated)]()
##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) ##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) ##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) ##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)

56
windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
View File

@ -1,56 +0,0 @@
---
title: Enable the custom threat intelligence API in Microsoft Defender ATP
description: Learn how to setup the custom threat intelligence application in Microsoft Defender ATP to create custom threat intelligence (TI).
keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Enable the custom threat intelligence API in Microsoft Defender ATP (Deprecated)
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> [!TIP]
> This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
>
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Microsoft Defender Security Center.
1. In the navigation pane, select **Settings** > **Threat intel**.
![Image of threat intel API menu](images/atp-threat-intel-api.png)
2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values.
3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
>[!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place. <br>
For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti.md#learn-how-to-get-a-new-client-secret).
4. Select **Generate tokens** to get an access and refresh token.
Youll need to use the access token in the Authorization header when doing REST API calls.
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts.md)
- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
- [Python code examples for the custom threat intelligence API](python-example-code.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)

4
windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
View File

@ -121,6 +121,10 @@ It's important to understand the following prerequisites prior to creating indic
- The Antimalware client version must be 4.18.1906.x or later. - The Antimalware client version must be 4.18.1906.x or later.
- Supported on machines on Windows 10, version 1709 or later. - Supported on machines on Windows 10, version 1709 or later.
- Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center> Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md). - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center> Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
>[!IMPORTANT]
> Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
>[!NOTE] >[!NOTE]
>There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked. >There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked.

5
windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
View File

@ -22,13 +22,14 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!Note] >[!NOTE]
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information) > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
- Submits or Updates new [Indicator](ti-indicator.md) entity. - Submits or Updates new [Indicator](ti-indicator.md) entity.
>[!NOTE]
>There is a limit of 5000 indicators per tenant.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)

4
windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
View File

@ -28,7 +28,9 @@ Method|Return Type |Description
[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity. [Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity. [Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal: - See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
For more information on creating indicators, see [Manage indicators](manage-indicators.md).
# Properties # Properties
Property | Type | Description Property | Type | Description