Revert "Adding Advanced Hunting API documentation"

This reverts commit e621b807f1c8cba5601928e0013fbf11a6d6abcb.

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -95,12 +95,6 @@
 #### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
 #### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-
-### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md)
-#### Supported Windows Defender ATP APIs
-##### [Advanced Hunting](run-advanced-query-windows-defender-advanced-threat-protection)
-
-
 ### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
 #### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
 #####Actor

windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md

@@ -1,96 +0,0 @@
----
-title: Use the Windows Defender Advanced Threat Protection exposed APIs  
-description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
-keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 10/23/2017
----
-
-# Use the Windows Defender ATP exposed APIs 
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
-
-Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
-
-In general, you’ll need to take the following steps to use the APIs:
--	Create an app
--	Get an access token
--	Use Windows Defender ATP API
-
-### Before you begin
-Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a web app to use for the adhoc queries. 
-
-## Create an app
-
-1.	Log on to [Azure](https://portal.azure.com).
-
-2.	Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. 
-
-    ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png)
-
-3.	In the Create window, enter the following information then click **Create**.
-
-    ![Image of Create application window](images/webapp-create.png)
-
-    - **Name:** WdatpEcosystemPartner
-    - **Application type:** Web app / API
-    - **Redirect URI:** `https://WdatpEcosystemPartner.com` (The URL where user can sign in and use your app. You can change this URL later.)
-
-
-4.	Click **Settings** > **Required permissions** > **Add**.
-    ![Image of new app in Azure](images/webapp-add-permission.png)
-
-5.	Click **Select an API** > **WindowsDefenderATP**, then click **Select**. 
-**Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
-
-    ![Image of API access and API selection](images/webapp-add-permission-2.png)
-
-6. Click **Select permissions** > **Run advanced queries** > **Select**.
-**Important note**: You need to select the relevant permission. 'Run advanced queries' is only an example!
-
-    ![Image of select permissions](images/webapp-select-permission.png)
-
-In order to send telemetry events to WDATP, check 'Write timeline events' permission
-In order to send TI events to WDATP, check 'Read and write IOCs belonging to the app' permission
-In order to run advanced queries in WDATP, check 'Run advanced queries' permission
-
-7. Click **Done**
-
-    ![Image of add permissions completion](images/webapp-add-permission-end.png)
-
-8. Click **Keys** and type a key name and click **Save**.
-After you save, **copy the key value**. You won't be able to retrieve after you leave!
-
-    ![Image of create app key](images/webapp-create-key.png)
-
-9. Write down your application ID.
-    
-	![Image of app ID](images/webapp-get-appid.png)
-
-9. (**Optional**)Set your application to be multi-tenanted
-	
-This is required for 3rd party apps (i.e., if you create an application that is intended to run in multiple customers tenant).
-This is not required if you create a service that you want to run in your tenant only (i.e., if you create an application for your own usage that will only interact with your own data)​
-
-Click **Properties** > **Yes** > **Save**.
-
-	![Image of multi tenant](images/webapp-edit-multitenant.png)
-	
-

windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection.md

@@ -1,106 +0,0 @@
----
-title: Collect investigation package API
-description: Use this API to create calls related to the collecting an investigation package from a machine.
-keywords: apis, graph api, supported apis, collect investigation package
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 12/08/2017
----
-
-# Collect investigation package API
-
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
-Run advanced query.
-
-## Permissions
-Application needs 'Run advanced queries' role.
-
-## HTTP request
-```
-POST /advancedqueries/query
-```
-
-## Request headers
-
-Header | Value 
-:---|:---
-Authorization | Bearer {token}. Required.
-Content-Type	| application/json
-
-## Request body
-In the request body, supply a JSON object with the following parameters:
-
-Parameter |	Type	| Description
-:---|:---|:---
-Query |	Text |	The query to run. **Required**.
-
-## Response
-If successful, this method returns 200 OK, and _QueryResponse_ object in the response body.
-
-
-## Example
-
-Request
-
-Here is an example of the request.
-
-```
-POST https://api.securitycenter.windows.com/advancedqueries/query
-Content-type: application/json
-{
-  "ProcessCreationEvents  
-| where InitiatingProcessFileName =~ \"powershell.exe\"
-| where ProcessCommandLine contains \"appdata\"
-| project EventTime, FileName, InitiatingProcessFileName 
-| limit 2"​
-}
-```
-
-Response
-
-Here is an example of the response.
-
->[!NOTE]
->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
-
-```
-HTTP/1.1 200 OK
-Content-Type: application/json​
-{
-	"Schema": [{
-		"Name": "EventTime",
-		"Type": "DateTime"
-	},
-	{
-		"Name": "FileName",
-		"Type": "String"
-	},
-	{
-		"Name": "InitiatingProcessFileName",
-		"Type": "String"
-	}],
-	"Results": [{
-		"EventTime": "2018-07-09T07:16:26.8017265",
-		"FileName": "csc.exe",
-		"InitiatingProcessFileName": "powershell.exe"
-	},
-	{
-		"EventTime": "2018-07-08T19:00:02.7798905",
-		"FileName": "gpresult.exe",
-		"InitiatingProcessFileName": "powershell.exe"
-	}]
-}
-
-
-```