From 99e690cd378c113a095c9cc73185e173f00fdcf8 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 31 Jul 2019 14:55:31 -0400 Subject: [PATCH] Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` --- .../microsoft-defender-atp/create-alert-by-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index c100b9ddf2..f4a2b266d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -61,7 +61,7 @@ machineId | String | Id of the machine on which the event was identified. **Requ severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. **Required**. title | String | Title for the alert. **Required**. description | String | Description of the alert. **Required**. -recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. +recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. **Required**. eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. **Required**. reportId | String | The reportId, as obtained from the advanced query. **Required**. category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'.