diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8b98253ff3..391cca39d8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -92,11 +92,11 @@ ####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) ####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) ####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -#######Domain -######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) +######Domain +####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) +####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) ######File ####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) @@ -132,6 +132,10 @@ ####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) ####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) ####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) +######Machines Security States +####### [Get MachineSecurityStates collection](windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) +######Machine Groups +####### [Get MachineGroups collection](windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md) ######User ####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) @@ -139,6 +143,10 @@ ####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) ####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) +######Windows updates (KB) info +####### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +######Common Vulnerabilities and Exposures (CVE) to KB map +####### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) ##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 84687a4883..ee621938a2 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -92,11 +92,12 @@ ###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) ###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) ###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain -####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) + +#####Domain +###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) +###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) #####File ###### [Block file API](block-file-windows-defender-advanced-threat-protection.md) @@ -132,12 +133,19 @@ ###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) ###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) ###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) - +#####Machines Security States +###### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md) +#####Machine Groups +###### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) #####User ###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) ###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) ###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) ###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) +#####Windows updates (KB) info +###### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md) +#####Common Vulnerabilities and Exposures (CVE) to KB map +###### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) #### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..4a3d1ffbeb --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md @@ -0,0 +1,77 @@ +--- +title: Get CVE-KB map API +description: Retrieves a map of CVE's to KB's. +keywords: apis, graph api, supported apis, get, cve, kb +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get CVE-KB map API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a map of of CVE's to KB's and CVE details. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/cvekbmap +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful and map exists - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/CveKbMap +Content-type: application/json +``` + +**Response** + +Here is an example of the response. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap", + "@odata.count": 4168, + "value": [ + { + "cveKbId": "CVE-2015-2482-3097617", + "cveId": "CVE-2015-2482", + "kbId":"3097617", + "title": "Cumulative Security Update for Internet Explorer", + "severity": "Critical" + }, + … +} + +``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..1c1cdeda69 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md @@ -0,0 +1,76 @@ +--- +title: Get KB collection API +description: Retrieves a collection of KB's. +keywords: apis, graph api, supported apis, get, kb +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get KB collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of KB's and KB details. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/kbinfo +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/KbInfo +Content-type: application/json +``` + +**Response** + +Here is an example of the response. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo", + "@odata.count": 271, + "value":[ + { + "id": "KB3097617 (10240.16549) Amd64", + "release": "KB3097617 (10240.16549)", + "publishingDate": "2015-10-16T21:00:00Z", + "version": "10.0.10240.16549", + "architecture": "Amd64" + }, + … +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..2e2a0ae684 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md @@ -0,0 +1,76 @@ +--- +title: Get RBAC machine groups collection API +description: Retrieves a collection of RBAC machine groups. +keywords: apis, graph api, supported apis, get, RBAC, group +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get KB collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of RBAC machine groups. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machinegroups +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machinegroups +Content-type: application/json +``` + +**Response** + +Here is an example of the response. +Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. +Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup". + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups", + "@odata.count":7, + "value":[ + { + "id":86, + "name":"UnassignedGroup", + "description":"", + "ungrouped":true}, + … +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..1402d68f04 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md @@ -0,0 +1,83 @@ +--- +title: Get machines security states collection API +description: Retrieves a collection of machines security states. +keywords: apis, graph api, supported apis, get, machine, security, state +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: leonidzh +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/07/2018 +--- + +# Get Machines security states collection API + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Retrieves a collection of machines security states. + +## Permissions +User needs read permissions. + +## HTTP request +``` +GET /testwdatppreview/machinesecuritystates +``` + +## Request headers + +Header | Value +:---|:--- +Authorization | Bearer {token}. **Required**. +Content type | application/json + +## Request body +Empty + +## Response +If successful - 200 OK. + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates +Content-type: application/json +``` + +**Response** + +Here is an example of the response. +Field *id* contains machine id and equal to the field *id** in machines info. + +``` +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates", + "@odata.count":444, + "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]", + "value":[ + { + "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4", + "build":14393, + "revision":2485, + "architecture":"Amd64", + "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809", + "propertiesRequireAttention":[ + "AntivirusNotReporting", + "EdrImpairedCommunications" + ] + }, + … + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 2969a1b1a1..c32acad7cf 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -88,4 +88,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def ## Related topic -- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md) +- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md index a6c64df7ff..bc16fe2624 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md @@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. +KbInfo | Run API call that gets list of Windows KB's information +CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's +MachineSecurityStates | Run API call that gets list of machines with their security properties and versions +MachineGroups | Run API call that gets list of machine group definitions