diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md index 2e9a1b2edf..b1cde1afaf 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md @@ -14,6 +14,8 @@ ms.date: 12/08/2017 --- # Alert resource type +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] @@ -22,36 +24,36 @@ Represents an alert entity in WDATP. # Methods Method|Return Type |Description :---|:---|:--- -[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object. -[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection. -[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md) -[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection|List Urls associated with the alert. -[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [file](files-windows-defender-advanced-threat-protection-new.md) collection | List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). -[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated witht the alert. -[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). -[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). +[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object. +[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection. +[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[Alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md). +[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection| List URLs associated with the alert. +[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [File](files-windows-defender-advanced-threat-protection-new.md) collection | List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). +[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated with the alert. +[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [Machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). +[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [User](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md). # Properties Property | Type | Description :---|:---|:--- -id | String | alert id. -severity | String | severity of the alert. Allowed values are: 'Low', 'Medium' and 'High'. +id | String | Alert ID +severity | String | Severity of the alert. Allowed values are: 'Low', 'Medium' and 'High'. status | String | Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'. description | String | Description of the threat, identified by the alert. recommendedAction | String | Action recommended for handling the suspected threat. alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created. category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'. -title | string | Alert title. -threatFamilyName | string | Threat family. -detectionSource | string | detection source +title | string | Alert title +threatFamilyName | string | Threat family +detectionSource | string | Detection source assignedTo | String | Owner of the alert -classification | String | Speficies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. +classification | String | Specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'. lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine. firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine. -machineId | String | id of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert. +machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert. # JSON representation ``` diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md index 6c1b1ccd6d..7e8d70c5cf 100644 --- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Collect investigation package API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Collect investigation package from a machine. diff --git a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md index f5d19d8b8c..e5e7d337a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,14 @@ ms.date: 12/08/2017 --- # Create alert from event API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md index c1525aaa7b..28a6892fb8 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md @@ -25,7 +25,7 @@ ms.date: 09/03/2018 [!include[Prerelease information](prerelease.md)] -These pages describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user. +This page describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user. If you need programmatical access Windows Defender ATP without a user, refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md). diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md index e0b16ad6af..0ae84e76b3 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md @@ -23,9 +23,9 @@ ms.date: 09/03/2018 [!include[Prerelease information](prerelease.md)] -This pages describes how to create an application to get programmatical access to Windows Defender ATP without a user. +This page describes how to create an application to get programmatical access to Windows Defender ATP without a user. -If you need programmatical access Windows Defender ATP on behalf of a user, please refer to [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md) +If you need programmatical access Windows Defender ATP on behalf of a user, see [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md) If you are not sure which access you need, see [Use Windows Defender ATP APIs](exposed-apis-intro.md). @@ -102,9 +102,9 @@ This page explains how to create an app, get an access token to Windows Defender 11. Set your application to be multi-tenanted - This is **required** for 3rd party apps (i.e., if you create an application that is intended to run in multiple customers tenant). + This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant). - This is **not required** if you create a service that you want to run in your tenant only (i.e., if you create an application for your own usage that will only interact with your own data)​ + This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data)​ Click **Properties** > **Yes** > **Save**. diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md index 01f1b37243..ed69b07caf 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md @@ -10,10 +10,15 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/24/2018 --- # Windows Defender ATP APIs using PowerShell +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + Full scenario using multiple APIs from Windows Defender ATP. diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md index 5b82fb439d..4afdfd5ac2 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md @@ -16,11 +16,6 @@ ms.date: 30/07/2018 # Supported Windows Defender ATP query APIs **Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md index d92068a830..dc9498c8f0 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,10 @@ ms.date: 12/08/2017 --- # Get alert information by ID API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves an alert by its ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md index bf4cd3243e..6e7721ecde 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,10 @@ ms.date: 12/08/2017 --- # Get alert related domain information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves all domains related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md index 56d4524ea3..7fe0e0b9d5 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,10 @@ ms.date: 12/08/2017 --- # Get alert related files information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves all files related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md index 4e60b78b74..29f7b7ed3e 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,10 @@ ms.date: 12/08/2017 --- # Get alert related IP information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves all IPs related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md index 9632c79913..279fbf2f70 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,10 @@ ms.date: 12/08/2017 --- # Get alert related machine information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) - +[!include[Prerelease information](prerelease.md)] Retrieves machine that is related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md index ea99a3b8d1..abdd6ee9d9 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,10 @@ ms.date: 12/08/2017 --- # Get alert related user information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves the user associated to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md index 15875f3291..a05d4dba9b 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,12 @@ ms.date: 12/08/2017 --- # List alerts API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + Retrieves top recent alerts. diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md index b693400163..b8b7730bad 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,12 +14,13 @@ ms.date: 12/08/2017 --- # Get domain related alerts API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + [!include[Prerelease information](prerelease.md)] -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md index f9af7b8a81..053470d9a6 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,10 @@ ms.date: 12/08/2017 --- # Get domain related machines API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) - +[!include[Prerelease information](prerelease.md)] Retrieves a collection of machines that have communicated to or from a given domain address. diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md index 8ad81fef65..1625a17a50 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,11 @@ ms.date: 12/08/2017 --- # Get domain statistics API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] Retrieves the prevalence for the given domain. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md index 2c7d7416cb..c817a1c653 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,13 @@ ms.date: 12/08/2017 --- # Get file information API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md index 9a48a46092..3c3605bebb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,16 @@ ms.date: 12/08/2017 --- # Get file related alerts API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + + + Retrieves a collection of alerts related to a given file hash. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md index da84931205..1a96bc4743 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,11 @@ ms.date: 12/08/2017 --- # Get file related machines API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - +[!include[Prerelease information](prerelease.md)] Retrieves a collection of machines related to a given file hash. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md index 8146e74ee5..e8a8ede6fd 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,14 @@ ms.date: 12/08/2017 --- # Get file statistics API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + + Retrieves the prevalence for the given file. diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md index 130c22ad36..4d83cb3d73 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,14 +14,11 @@ ms.date: 12/08/2017 --- # Get IP related alerts API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) - +[!include[Prerelease information](prerelease.md)] Retrieves a collection of alerts related to a given IP address. diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md index 91b327d71b..ecdab586f3 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,11 +14,11 @@ ms.date: 12/08/2017 --- # Get IP related machines API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) Retrieves a collection of machines that communicated with or from a particular IP. diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md index a33784bce5..990bd3f852 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,14 @@ ms.date: 12/08/2017 --- # Get IP statistics API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + + + Retrieves the prevalence for the given IP. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md index ef0c177338..7a7fbac1dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,13 @@ ms.date: 12/08/2017 --- # Get machine by ID API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + Retrieves a machine entity by ID. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md index 3811fc208f..55a04d003b 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,15 @@ ms.date: 12/08/2017 --- # Get machine log on users API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + + + Retrieves a collection of logged on users. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md index 1af227a95a..780354b0dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,12 +14,12 @@ ms.date: 12/08/2017 --- # Get machine related alerts API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) Retrieves a collection of alerts related to a given machine ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md index 8a2fe385ab..0abd8e7cfc 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Get machineAction API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Get action performed on a machine. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md index 7c13dee9ec..2eccd27c17 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,15 @@ ms.date: 12/08/2017 --- # List machines API - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + + + Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md index c854d33b50..b7b734a241 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Get package SAS URI API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md). ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md index 418ad94328..7bbc0c5ccb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Get user related alerts API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Retrieves a collection of alerts related to a given user ID. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md index 4039343929..203642ef2e 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Get user related machines API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Retrieves a collection of machines related to a given user ID. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png b/windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png index 25392791c0..b94ee3a009 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png and b/windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md index 5823c0d793..e3fc93951d 100644 --- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,12 @@ ms.date: 04/24/2018 --- # Was domain seen in org +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Answers whether a domain was seen in the organization. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md index b015a3afe9..575b792100 100644 --- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,13 @@ ms.date: 12/08/2017 --- # Was IP seen in org - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + Answers whether an IP was seen in the organization. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md index 45a75dc778..87e3e1531b 100644 --- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Isolate machine API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Isolates a machine from accessing external network. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md index 3166f0526d..51ce0684a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md @@ -15,6 +15,11 @@ ms.date: 12/08/2017 # MachineAction resource type +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + Method|Return Type |Description :---|:---|:--- [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities. diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md index 001aac7db4..050e18c993 100644 --- a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Offboard machine API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Offboard machine from WDATP. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md index 0ecc9cd09c..486f9db534 100644 --- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Restrict app execution API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information) ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md index c6dde9776c..7e312d08e8 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md @@ -14,21 +14,22 @@ ms.date: 09/03/2018 --- # Advanced hunting API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + [!include[Prerelease information](prerelease.md)] -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) -This API allows you to run programatically queries that you are used to run from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting) +This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting). ## Limitations -This API is a beta version only and is currently restricted +This API is a beta version only and is currently restricted to the following actions: 1. ​You can only run a query on data from the last 30 days 2. The results will include a maximum of 10,000 rows -3. The nu​mber of executions is limited​ (up to 15 minutes every hour and 4 hours a day) +3. The number of executions is limited​ (up to 15 minutes every hour and 4 hours a day) ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md) @@ -123,12 +124,12 @@ Content-Type: application/json​ ``` -## T​roubl​eshooting: +## T​roubl​eshoot issues - Error: (403) Forbidden - If you get this error when calling WDATP API, your token probably does not include the necessary permission. + If you get this error when calling Windows Defender ATP API, your token might not include the necessary permission. Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token. diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md index f02cf020ec..c15d2c10b3 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md @@ -10,30 +10,31 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/24/2018 --- # Schedule Advanced Hunting using Microsoft Flow - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + Schedule advanced query. ->**Prerequisite**: You first need to [create an app](exposed-apis-intro.md). +## Before you begin +You first need to [create an app](exposed-apis-intro.md). ## Use case -If you need to schedule an advanced query and use the results for follow up actions and processing, you can use [Microsoft Flow](https://flow.microsoft.com/) (or Logic Apps) for it! +If you need to schedule an advanced query and use the results for follow up actions and processing, you can use [Microsoft Flow](https://flow.microsoft.com/) (or Logic Apps) for it. ## Define a flow to run query and parse results -You will find below a very basic flow example: +Use the following basic flow as an example. -1. Define the trigger – Recurrence by time +1. Define the trigger – Recurrence by time. -2. Add an action – Select HTTP +2. Add an action: Select HTTP. ![Image of MsFlow choose an action](images/ms-flow-choose-action.png) @@ -59,9 +60,9 @@ You will find below a very basic flow example: ## Expand the flow to use the query results -The below section shows how to use the parsed results to insert them in SQL database. +The following section shows how to use the parsed results to insert them in SQL database. -This is an example only, you could perform on your results any other action supported by Microsoft Flow. +This is an example only, you can use other actions supported by Microsoft Flow. - Add an 'Apply to each' action - Select the Results json (which was an output of the last parse action) @@ -76,7 +77,7 @@ The output in the SQL DB is getting updates and can be used for correlation with ## Full flow definition -You can find below the full definition +You can see the full defintion in the following image: ![Image of E2E flow](images/ms-flow-e2e.png) diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md index aa6da165e7..4c57316ddc 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md @@ -14,6 +14,11 @@ ms.date: 30/07/2018 --- # Create custom reports using Power BI (user authentication) +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before. @@ -21,7 +26,8 @@ In this section we share Power BI query sample to run a query using **user token If you want to use **application token** instead please refer to [this](run-advanced-query-sample-power-bi-app-token.md) tutorial. ->**Prerequisite**: You first need to [create an app](exposed-apis-create-app-nativeapp.md). +## Before you begin +You first need to [create an app](exposed-apis-create-app-nativeapp.md). ## Run a query diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md index 982fec1b38..ca0f03811b 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md @@ -10,18 +10,24 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 30/07/2018 +ms.date: 09/24/2018 --- # Advanced Hunting using PowerShell +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) -Run advanced queries using PowerShell. Please read about [Advanced Hunting API](run-advanced-query-api.md) before. +[!include[Prerelease information](prerelease.md)] + + +Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md). In this section we share PowerShell samples to retrieve a token and use it to run a query. ->**Prerequisite**: You first need to [create an app](exposed-apis-intro.md). +## Before you begin +You first need to [create an app](exposed-apis-intro.md). -## Preparation Instructions +## Preparation instructions - Open a PowerShell window. - If your policy does not allow you to run the PowerShell commands, you can run the below command: @@ -29,11 +35,11 @@ In this section we share PowerShell samples to retrieve a token and use it to ru Set-ExecutionPolicy -ExecutionPolicy Bypass ``` ->For more details, refer to [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy) +>For more details, see [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy) ## Get token -- Run the below +- Run the following: ``` $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID here @@ -60,7 +66,7 @@ where ## Run query -Run the below +Run the following query: ``` $query = 'RegistryEvents | limit 10' # Paste your own query here diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md index d0c7fc7712..afd8a8d4d4 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md @@ -14,8 +14,12 @@ ms.date: 30/07/2018 --- # Advanced Hunting using Python +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) -Run advanced queries using Python. Please read about [Advanced Hunting API](run-advanced-query-api.md) before. +[!include[Prerelease information](prerelease.md)] + +Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md). In this section we share Python samples to retrieve a token and use it to run a query. @@ -23,7 +27,7 @@ In this section we share Python samples to retrieve a token and use it to run a ## Get token -- Run the below +- Run the following: ``` @@ -62,7 +66,7 @@ where ## Run query -Run the below + Run the following query: ``` query = 'RegistryEvents | limit 10' # Paste your own query here diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md index d9adb2e60f..70364ee219 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Run antivirus scan API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Initiate Windows Defender Antivirus scan on a machine. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md index aafaac2b2f..df656faa25 100644 --- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,11 @@ ms.date: 12/08/2017 --- # Release machine from isolation API +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - Undo isolation of a machine. ## Permissions diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md index 6d624f7855..8552f37c2a 100644 --- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md @@ -14,11 +14,11 @@ ms.date: 12/08/2017 --- # Remove app restriction API - **Applies to:** - - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] + Enable execution of any application on the machine. diff --git a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md index 40f47a0edc..81c8f8d9ac 100644 --- a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md @@ -14,13 +14,12 @@ ms.date: 12/08/2017 --- # Update alert - -[!include[Prerelease information](prerelease.md)] - **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] Update the properties of an alert entity. ## Permissions