mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
s
This commit is contained in:
@ -27,7 +27,7 @@ ms.date: 11/15/2018
|
|||||||
|
|
||||||
- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
|
- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
|
||||||
- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
|
- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
|
||||||
- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type and CreationDateTimeUtc.
|
- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
|
||||||
|
|
||||||
### Example 1
|
### Example 1
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ ms.date: 12/08/2017
|
|||||||
|
|
||||||
- Gets collection of actions done on machines.
|
- Gets collection of actions done on machines.
|
||||||
- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type" and "CreationDateTimeUtc".
|
- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
|
||||||
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
|
@ -0,0 +1,104 @@
|
|||||||
|
---
|
||||||
|
title: Stop and quarantine file API
|
||||||
|
description: Use this API to stop and quarantine file.
|
||||||
|
keywords: apis, graph api, supported apis, stop and quarantine file
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
ms.author: macapara
|
||||||
|
author: mjcaparas
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
ms.date: 12/08/2017
|
||||||
|
---
|
||||||
|
|
||||||
|
# Stop and quarantine file API
|
||||||
|
|
||||||
|
**Applies to:**
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
|
[!include[Prerelease<73>information](prerelease.md)]
|
||||||
|
|
||||||
|
- Stop execution of a file on a machine and delete it.
|
||||||
|
|
||||||
|
[!include[Machine actions note](machineactionsnote.md)]
|
||||||
|
|
||||||
|
## Permissions
|
||||||
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|
||||||
|
Permission type | Permission | Permission display name
|
||||||
|
:---|:---|:---
|
||||||
|
Application | Machine.StopAndQuarantine | 'Stop And Quarantine'
|
||||||
|
Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quarantine'
|
||||||
|
|
||||||
|
>[!Note]
|
||||||
|
> When obtaining a token using user credentials:
|
||||||
|
>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
|
||||||
|
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
|
||||||
|
|
||||||
|
## HTTP request
|
||||||
|
```
|
||||||
|
POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile
|
||||||
|
```
|
||||||
|
|
||||||
|
## Request headers
|
||||||
|
|
||||||
|
Name | Type | Description
|
||||||
|
:---|:---|:---
|
||||||
|
Authorization | String | Bearer {token}. **Required**.
|
||||||
|
Content-Type | string | application/json. **Required**.
|
||||||
|
|
||||||
|
## Request body
|
||||||
|
In the request body, supply a JSON object with the following parameters:
|
||||||
|
|
||||||
|
Parameter | Type | Description
|
||||||
|
:---|:---|:---
|
||||||
|
Comment | String | Comment to associate with the action. **Required**.
|
||||||
|
|
||||||
|
## Response
|
||||||
|
If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
|
||||||
|
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
**Request**
|
||||||
|
|
||||||
|
Here is an example of the request.
|
||||||
|
|
||||||
|
```
|
||||||
|
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile
|
||||||
|
Content-type: application/json
|
||||||
|
{
|
||||||
|
"Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
|
||||||
|
"Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
|
**Response**
|
||||||
|
|
||||||
|
Here is an example of the response.
|
||||||
|
|
||||||
|
[!include[Improve request performance](improverequestperformance-new.md)]
|
||||||
|
|
||||||
|
```
|
||||||
|
HTTP/1.1 201 Created
|
||||||
|
Content-type: application/json
|
||||||
|
{
|
||||||
|
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
|
||||||
|
"id": "141408d1-384c-4c19-8b57-ba39e378011a",
|
||||||
|
"type": "StopAndQuarantineFile",
|
||||||
|
"requestor": "Analyst@contoso.com ",
|
||||||
|
"requestorComment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
|
||||||
|
"status": "InProgress",
|
||||||
|
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
|
||||||
|
"creationDateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
||||||
|
"lastUpdateTimeUtc": "2018-12-04T12:15:04.3825985Z",
|
||||||
|
"relatedFileInfo": {
|
||||||
|
"fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9",
|
||||||
|
"fileIdentifierType": "Sha1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
|
|
Reference in New Issue
Block a user