From 52274edb2d201d940f0286729c19f1dd7369233c Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:05:36 +0000 Subject: [PATCH 01/20] Updated supported-apis-windows-defender-advanced-threat-protection.md --- ...ported-apis-windows-defender-advanced-threat-protection.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md index a6c64df7ff..bc16fe2624 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md @@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. +KbInfo | Run API call that gets list of Windows KB's information +CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's +MachineSecurityStates | Run API call that gets list of machines with their security properties and versions +MachineGroups | Run API call that gets list of machine group definitions From 9e8c4645f72592cf7f4e35742b518ddd8c6ea439 Mon Sep 17 00:00:00 2001 
From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:14:44 +0000 Subject: [PATCH 02/20] Added file get-kbinfo-collection-windows-defender-advanced-threat-protection.md --- ...info-collection-windows-defender-advanced-threat-protection.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..e69de29bb2 From 81f35d1255181fbb75694df7f48101b9e9a4977b Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:15:28 +0000 Subject: [PATCH 03/20] Added file get-cvekbmap-collection-windows-defender-advanced-threat-protection.md --- ...bmap-collection-windows-defender-advanced-threat-protection.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..e69de29bb2 From 1c1c742b0b9fd604c69292d2f7f7a649299d85f7 Mon Sep 17 00:00:00 2001 
From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:16:05 +0000 Subject: [PATCH 04/20] Added file get-machinegroups-collection-windows-defender-advanced-threat-protection --- ...egroups-collection-windows-defender-advanced-threat-protection | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection new file mode 100644 index 0000000000..e69de29bb2 From e5205246254297ba06179449daf469049bbc39d6 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:16:49 +0000 Subject: [PATCH 05/20] Added file get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md --- ...ates-collection-windows-defender-advanced-threat-protection.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..e69de29bb2 From 5fd781c70e367143b6ed339356829e83924e25ec Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Sun, 7 Oct 2018 16:29:57 +0000 Subject: [PATCH 06/20] Updated get-cvekbmap-collection-windows-defender-advanced-threat-protection.md --- ...ows-defender-advanced-threat-protection.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md index e69de29bb2..42220a68a4 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,77 @@ +--- +title: Get CVE-KB map API +description: Retrieves a map of CVE's to KB's. +keywords: apis, graph api, supported apis, get, cve, kb +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get CVE-KB map API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a map of of CVE's to KB's and CVE details. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/cvekbmap +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful and map exists - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/CveKbMap +Content-type: application/json +``` + +**Response** + +Here is an example of the response. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft-ppe.com/testwdatpbeta/$metadata#CveKbMap", + "@odata.count": 4168, + "value": [ + { + "cveKbId": "CVE-2015-2482-3097617", + "cveId": "CVE-2015-2482", + "kbId":"3097617", + "title": "Cumulative Security Update for Internet Explorer", + "severity": "Critical" + }, + … +} + +``` From 397d4fc98bb5deb6d7da5e804c66988eb1dfa55f Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Mon, 8 Oct 2018 06:14:06 +0000 Subject: [PATCH 07/20] Updated get-kbinfo-collection-windows-defender-advanced-threat-protection.md --- ...ows-defender-advanced-threat-protection.md | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md index e69de29bb2..c145c2e5cd 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,76 @@ +--- +title: Get KB collection API +description: Retrieves a collection of KB's. +keywords: apis, graph api, supported apis, get, kb +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get KB collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of KB's and KB details. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/kbinfo +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/KbInfo +Content-type: application/json +``` + +**Response** + +Here is an example of the response. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft-ppe.com/testwdatpbeta/$metadata#KbInfo", + "@odata.count": 271, + "value":[ + { + "id": "KB3097617 (10240.16549) Amd64", + "release": "KB3097617 (10240.16549)", + "publishingDate": "2015-10-16T21:00:00Z", + "version": "10.0.10240.16549", + "architecture": "Amd64" + }, + … +} +``` \ No newline at end of file From b3c99ce75fabbb9ccd0ea2c0c386f07c8f533ea3 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Mon, 8 Oct 2018 06:27:21 +0000 Subject: [PATCH 08/20] Updated get-machinegroups-collection-windows-defender-advanced-threat-protection --- ...indows-defender-advanced-threat-protection | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection index e69de29bb2..93b2b4a472 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection +++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection 
@@ -0,0 +1,76 @@ +--- +title: Get RBAC machine groups collection API +description: Retrieves a collection of RBAC machine groups. +keywords: apis, graph api, supported apis, get, RBAC, group +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get KB collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of RBAC machine groups. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machinegroups +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machinegroups +Content-type: application/json +``` + +**Response** + +Here is an example of the response. +Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. +Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup". + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft-ppe.com/testwdatppreview/$metadata#MachineGroups", + "@odata.count":7, + "value":[ + { + "id":86, + "name":"UnassignedGroup", + "description":"", + "ungrouped":true}, + … +} +``` \ No newline at end of file From bc44252f52d6057ad9570252d32354bc140122b6 Mon Sep 17 00:00:00 2001 
From: Leonid Zhitomirsky Date: Mon, 8 Oct 2018 06:28:19 +0000 Subject: [PATCH 09/20] Renamed get-machinegroups-collection-windows-defender-advanced-threat-protection to get-machinegroups-collection-windows-defender-advanced-threat-protection.md --- ...ups-collection-windows-defender-advanced-threat-protection.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/windows-defender-atp/{get-machinegroups-collection-windows-defender-advanced-threat-protection => get-machinegroups-collection-windows-defender-advanced-threat-protection.md} (100%) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md similarity index 100% rename from windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection rename to windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md From fd8f1c8f51627bc566acf69333816ff2fd475acb Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Mon, 8 Oct 2018 06:39:56 +0000 Subject: [PATCH 10/20] Updated get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md --- ...ows-defender-advanced-threat-protection.md | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md index e69de29bb2..2c02695ffe 100644 
--- a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,83 @@ +--- +title: Get machines security states collection API +description: Retrieves a collection of machines security states. +keywords: apis, graph api, supported apis, get, machine, security, state +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get Machines security states collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of machines security states. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machinesecuritystates +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates +Content-type: application/json +``` + +**Response** + +Here is an example of the response. +Field *id* contains machine id and equal to the field *id** in machines info. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft-ppe.com/testwdatppreview/$metadata#MachineSecurityStates", + "@odata.count":444, + "@odata.nextLink":"https://graph.microsoft-ppe.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]", + "value":[ + { + "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4", + "build":14393, + "revision":2485, + "architecture":"Amd64", + "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809", + "propertiesRequireAttention":[ + "AntivirusNotReporting", + "EdrImpairedCommunications" + ] + }, + … + ] +} +``` \ No newline at end of file From 82e8bcfd78f21aeaa2cd969ada72c2f84c1b5ca4 Mon Sep 17 00:00:00 2001 
From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:21:39 +0000 Subject: [PATCH 11/20] Updated TOC.md --- .../windows-defender-atp/TOC.md | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index deb8c0e185..6b24986e33 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -89,11 +89,12 @@ ###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) ###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) ###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain -####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) + +#####Domain +###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) +###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) #####File ###### [Block file API](block-file-windows-defender-advanced-threat-protection.md) 
@@ -129,12 +130,19 @@ ###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) ###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) ###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) - +#####Machines Security States +###### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) +#####Machine Groups +###### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) #####User ###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) ###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) ###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) ###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) +#####Windows updates (KB) info +###### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +#####Common Vulnerabilities and Exposures (CVE) to KB map +###### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) #### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md) From f82878a0ea24a89238b03d740e4a9d6d1a8bb798 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:29:17 +0000 Subject: [PATCH 12/20] Updated TOC.md --- windows/security/threat-protection/TOC.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6bc125f9d5..4f0ce0c343 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -130,6 +130,10 @@ ####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) ####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) ####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) +######Machines Security States +####### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) +######Machine Groups +####### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) ######User ####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) @@ -137,6 +141,12 @@ ####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) ####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) +######Windows updates (KB) info +####### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +######Common Vulnerabilities and Exposures (CVE) to KB map +####### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) + + ##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md) From 662d87457f97fb267db2db75f2c3973d113f1ffc Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:39:52 +0000 Subject: [PATCH 13/20] Updated TOC.md --- windows/security/threat-protection/TOC.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 4f0ce0c343..7ff3a5b487 100644 
--- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -90,11 +90,11 @@ ####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) ####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) ####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -#######Domain -######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) +######Domain +####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) +####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) ######File ####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) 
@@ -145,8 +145,6 @@ ####### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md) ######Common Vulnerabilities and Exposures (CVE) to KB map ####### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) - - ##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md) From 8b8b6191ff4279e8a869829217078363fc9a20fb Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:42:21 +0000 Subject: [PATCH 14/20] Updated get-kbinfo-collection-windows-defender-advanced-threat-protection.md --- ...fo-collection-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md index c145c2e5cd..5c2c0916cb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md @@ -61,7 +61,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://graph.microsoft-ppe.com/testwdatpbeta/$metadata#KbInfo", + "@odata.context": "https://graph.microsoft-ppe.com/testwdatppreview/$metadata#KbInfo", "@odata.count": 271, "value":[ { From 5dd3804007a380030460dc9e7e1aec1f0d0e4cf0 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:44:17 +0000 Subject: [PATCH 15/20] Updated get-cvekbmap-collection-windows-defender-advanced-threat-protection.md --- ...ap-collection-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md index 42220a68a4..4a3d1ffbeb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md @@ -61,7 +61,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context":"https://graph.microsoft-ppe.com/testwdatpbeta/$metadata#CveKbMap", + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap", "@odata.count": 4168, "value": [ { From ce9246d9e0085c15835f9db07c760ce132b5c8ee Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:44:49 +0000 Subject: [PATCH 16/20] Updated get-kbinfo-collection-windows-defender-advanced-threat-protection.md --- ...fo-collection-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md index 5c2c0916cb..1c1cdeda69 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md 
@@ -61,7 +61,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://graph.microsoft-ppe.com/testwdatppreview/$metadata#KbInfo", + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo", "@odata.count": 271, "value":[ { From 43a436848e31cc604bdee12a4d17267cca60fb69 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:46:13 +0000 Subject: [PATCH 17/20] Updated get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md --- ...-collection-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md index 2c02695ffe..1402d68f04 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md @@ -62,9 +62,9 @@ Field *id* contains machine id and equal to the field *id** in machines info. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context":"https://graph.microsoft-ppe.com/testwdatppreview/$metadata#MachineSecurityStates", + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates", "@odata.count":444, - "@odata.nextLink":"https://graph.microsoft-ppe.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]", + "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]", "value":[ { "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4", 
From 82dc29ee87e7dcab09a6b3d7944bc305ba2282b2 Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:46:38 +0000 Subject: [PATCH 18/20] Updated get-machinegroups-collection-windows-defender-advanced-threat-protection.md --- ...ps-collection-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md index 93b2b4a472..2e2a0ae684 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md @@ -63,7 +63,7 @@ Field **ungrouped** is true only for one group for all machines that have not be HTTP/1.1 200 OK Content-type: application/json { - "@odata.context":"https://graph.microsoft-ppe.com/testwdatppreview/$metadata#MachineGroups", + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups", "@odata.count":7, "value":[ { From 26122ed2ccf0bca5434448cfba14c50b130b499a Mon Sep 17 00:00:00 2001 From: Leonid Zhitomirsky Date: Tue, 9 Oct 2018 08:49:21 +0000 Subject: [PATCH 19/20] Updated machine-groups-windows-defender-advanced-threat-protection.md --- ...chine-groups-windows-defender-advanced-threat-protection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 2969a1b1a1..c32acad7cf 100644 
--- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -88,4 +88,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def ## Related topic -- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md) +- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) \ No newline at end of file From eb2b01a7d97f9e773a9a6256acef04e4209fa648 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 9 Oct 2018 11:49:21 -0700 Subject: [PATCH 20/20] fix links in toc --- windows/security/threat-protection/TOC.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7ff3a5b487..ad433dc3ab 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -131,9 +131,9 @@ ####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) ####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) ######Machines Security States -####### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) +####### [Get MachineSecurityStates collection](windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) ######Machine Groups -####### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) +####### [Get MachineGroups collection](windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md) ######User ####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) @@ -142,9 +142,9 @@ ####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) ######Windows updates (KB) info -####### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +####### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) ######Common Vulnerabilities and Exposures (CVE) to KB map -####### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) +####### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) ##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
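
Review bot: In PATCH 01/20 (supported-apis table), the four added rows for KbInfo, CveKbMap, MachineSecurityStates and MachineGroups use apostrophe plurals ("KB's", "CVE's") and drop the trailing period that the existing File, IP, Machines and User rows carry. Suggest matching the neighbouring rows, for example `KbInfo | Run API call that gets the list of Windows KBs and their information.`, and the same pattern for the other three.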
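
Review bot: In PATCH 06/20 (get-cvekbmap-collection), the sample under **Request** omits the `Authorization: Bearer {token}` header that the Request headers table in the same hunk marks as **Required**, so the example contradicts the table; add the header line to the sample. The same hunk also has a doubled word in "Retrieves a map of of CVE's to KB's", spells the resource `cvekbmap` under HTTP request but `CveKbMap` in the example, labels the header "Content type" in the table but `Content-type` in the sample, and ends the JSON with `}` after `…` without the `]` that closes `"value"`.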
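
Review bot: In PATCH 07/20 (get-kbinfo-collection), the Permissions section says only "User needs read permissions." and never names which permission or role grants read access to this endpoint, which leaves a reader unable to scope the token to least privilege; state the exact permission name here and in the three sibling pages that reuse the sentence. The response sample in this hunk also closes with `}` after `…` without the `]` for `"value"`, and the file is committed with no newline at end of file.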
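
Review bot: In PATCH 08/20 (get-machinegroups-collection), the H1 is `# Get KB collection API`, copied from the KbInfo page, while the front-matter title in the same hunk is "Get RBAC machine groups collection API"; the heading should match the title. The two field notes under **Response** need a grammar pass ("Field id contains machine group **id** and equal to field **rbacGroupId**", "This group as usual has name") and a blank line between them so they do not render as one paragraph, and the file is created without the `.md` extension, which forces the rename in PATCH 09/20.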
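
Review bot: In PATCH 10/20 (get-machinesecuritystates-collection), the response sample carries `@odata.nextLink` with a `$skiptoken` and `@odata.count` of 444, but the page never says that the collection is paged and that the caller must follow `@odata.nextLink` until it is absent; a consumer that reads only the first page gets an incomplete view of machine security state. Add a sentence on paging under **Response**, and document the possible `propertiesRequireAttention` values, of which only `AntivirusNotReporting` and `EdrImpairedCommunications` appear. The line "Field *id* contains machine id and equal to the field *id** in machines info." also has unbalanced emphasis markers and a missing verb.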
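
Review bot: In PATCH 12/20 (threat-protection/TOC.md), the four added links point at bare file names such as `get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md`, while every surrounding entry in this TOC is prefixed with `windows-defender-atp/`, so the new entries resolve to the wrong directory. The prefix is only added in PATCH 20/20; fold that fix into this commit so the series has no intermediate state with broken links.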
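
Review bot: PATCH 14/20 and PATCH 16/20 both rewrite the same `@odata.context` line in get-kbinfo-collection, first to `graph.microsoft-ppe.com/testwdatppreview` and then to `graph.microsoft.com/testwdatppreview`, and both carry the same subject line. Squash them into one commit, as PATCH 15/20 does for the CveKbMap page, and say in the commit message that the sample host and path are being aligned with the request URL.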
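
Review bot: In PATCH 19/20 (machine-groups), the re-added Related topic line still reads "Manage portal access using role-based based access control" with "based" doubled; since the line is being touched anyway, fix it to "role-based access control". The new last line is again committed with no newline at end of file.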