diff --git a/windows/keep-secure/code/example-script.ps1 b/windows/keep-secure/code/example-script.ps1
deleted file mode 100644
index e6563c2378..0000000000
--- a/windows/keep-secure/code/example-script.ps1
+++ /dev/null
@@ -1,60 +0,0 @@
-$authUrl = 'Your Authorization URL'
-$clientId = 'Your Client ID'
-$clientSecret = 'Your Client Secret'
-
-
-Try
-{
- $tokenPayload = @{
- "resource" = 'https://graph.windows.net'
- "client_id" = $clientId
- "client_secret" = $clientSecret
- "grant_type"='client_credentials'}
-
- "Fetching an access token"
- $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
- $token = $response.access_token
- "Token fetched successfully"
-
- $headers = @{
- "Content-Type" = "application/json"
- "Accept" = "application/json"
- "Authorization" = "Bearer {0}" -f $token }
-
- $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
-
- $alertDefinitionPayload = @{
- "Name" = "Test Alert"
- "Severity" = "Medium"
- "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature"
- "Title" = "Test alert."
- "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled."
- "RecommendedAction" = "No recommended action for this test alert."
- "Category" = "SuspiciousNetworkTraffic"
- "Enabled" = "true"}
- "Creating an Alert Definition"
- $alertDefinition =
- Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
- -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
- "Alert Definition created successfully"
- $alertDefinitionId = $alertDefinition.Id
-
- $iocPayload = @{
- "Type"="IpAddress"
- "Value"="52.184.197.12"
- "DetectionFunction"="Equals"
- "Enabled"="true"
- "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
-
- "Creating an Indicator of Compromise"
- $ioc =
- Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
- -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
- "Indicator of Compromise created successfully"
-
- "All done!"
-}
-Catch
-{
- 'Something went wrong! 
Got the following exception message: {0}' -f $_.Exception.Message
-}
diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1
deleted file mode 100644
index 6941c80627..0000000000
--- a/windows/keep-secure/code/example.ps1
+++ /dev/null
@@ -1,50 +0,0 @@
-$authUrl = 'Your Authorization URL'
-$clientId = 'Your Client ID'
-$clientSecret = 'Your Client Secret'
-
-$tokenPayload = @{
- "resource"='https://graph.windows.net'
- "client_id" = $clientId
- "client_secret" = $clientSecret
- "grant_type"='client_credentials'}
-
-$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
-$token = $response.access_token
-
-$headers = @{
- "Content-Type"="application/json"
- "Accept"="application/json"
- "Authorization"="Bearer {0}" -f $token }
-
-$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
-
-$alertDefinitions =
- (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value
-
-$alertDefinitionPayload = @{
- "Name"= "The alert's name"
- "Severity"= "Low"
- "InternalDescription"= "An internal description of the Alert"
- "Title"= "The Title"
- "UxDescription"= "Description of the alerts"
- "RecommendedAction"= "The alert's recommended action"
- "Category"= "Trojan"
- "Enabled"= "true"}
-
-$alertDefinition =
- Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
- -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
-
-$alertDefinitionId = $alertDefinition.Id
-
-$iocPayload = @{
- "Type"="Sha1"
- "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff"
- "DetectionFunction"="Equals"
- "Enabled"="true"
- "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
-
-
-$ioc =
- Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
- -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
diff --git a/windows/keep-secure/code/example.py b/windows/keep-secure/code/example.py
deleted file mode 100644
index 6203b5230b..0000000000
--- a/windows/keep-secure/code/example.py
+++ /dev/null
@@ -1,51 +0,0 @@
-import json
-import requests
-from pprint import pprint
-
-auth_url="Your Authorization URL"
-client_id="Your Client ID"
-client_secret="Your Client Secret"
-
-payload = {"resource": "https://graph.windows.net",
- "client_id": client_id,
- "client_secret": client_secret,
- "grant_type": "client_credentials"}
-
-response = requests.post(auth_url, payload)
-token = json.loads(response.text)["access_token"]
-
-with requests.Session() as session:
- session.headers = {
- 'Authorization': 'Bearer {}'.format(token),
- 'Content-Type': 'application/json',
- 'Accept': 'application/json'}
-
- response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions")
- pprint(json.loads(response.text))
-
- alert_definition = {"Name": "The alert's name",
- "Severity": "Low",
- "InternalDescription": "An internal description of the alert",
- "Title": "The Title",
- "UxDescription": "Description of the alerts",
- "RecommendedAction": "The alert's recommended action",
- "Category": "Trojan",
- "Enabled": True}
-
- response = session.post(
- "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions",
- json=alert_definition)
-
- alert_definition_id = json.loads(response.text)["Id"]
-
- ioc = {'Type': "Sha1",
- 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff",
- 'DetectionFunction': "Equals",
- 'Enabled': True,
- "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)}
-
- response = session.post(
- "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise",
- json=ioc)
-
- pprint(json.loads(response.text))