deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add complete code

Browse Source
This commit is contained in:
jcaparas
2017-03-02 20:15:34 -08:00
parent 0de716bae5
commit 66a3d95786
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md
View File

@ -32,32 +32,37 @@ These code examples demonstrate the following tasks:
- [Create a new alert definition](#create-a-new-alert-definition)
- [Create a new indicator of compromise](#create-a-new-indicator-of-compromise)
## Obtain an Azure AD access token
## Step 1: Obtain an Azure AD access token
The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
Replace the *tenantid*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal:
[!code[CustomTIAPI](./code/example.ps1#L1-L14)]
## Create headers
The following example demonstrates how to create headers used for the requests with the API.
## Step 2: Create headers used for the requests with the API
Use the following code to create the headers used for the requests with the API:
[!code[CustomTIAPI](./code/example.ps1#L16-L19)]
## Create calls to the custom threat intelligence API
The following example demonstrates how to view all alert definition entities by creating a call to the API.
## Step 3: Create calls to the custom threat intelligence API
After creating the headers, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities:
[!code[CustomTIAPI](./code/example.ps1#L21-L24)]
If this is the first time to use the API, the response is empty.
## Create a new alert definition
## Step 4: Create a new alert definition
The following example shows how to create a new alert definition.
[!code[CustomTIAPI](./code/example.ps1#L26-L39)]
## Create a new indicator of compromise
The following example shows how to use the alert ID obtained from creating a new alert definition to create a new indicator of compromise.
You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise.
[!code[CustomTIAPI](./code/example.ps1#L43-L53)]
## Complete code
You can use the complete code to create calls to the API.
[!code[CustomTIAPI](./code/example.ps1#L1-L53)]