diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6568445c8a..47d3a0ac90 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -851,21 +851,11 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -981,16 +971,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1001,171 +981,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1196,21 +1011,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1281,11 +1081,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1301,16 +1096,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1331,16 +1116,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1376,21 +1151,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -13909,6 +13669,245 @@ "source_path": "windows/privacy/manage-windows-endpoints.md", "redirect_url": "/windows/privacy/manage-windows-1809-endpoints", "redirect_document_id": true -} +}, +{ +"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +},{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, ] } diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index ed7d4a50ad..a30bed2776 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -6,9 +6,15 @@ ms.prod: w10 ms.mktglfcycl: explore ms.pagetype: security ms.sitesec: library -ms.author: justinha -ms.date: 05/30/2018 +ms.pagetype: security ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 7c0b4e23ef..137f60c277 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -5,9 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 0743b419b6..752c36ecf3 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/31/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 06c6f03b54..b96fe95c7b 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index faaddea437..cd3a0e3848 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index addb2e2df0..e748a7ae20 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 09/19/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 6593dc47a3..6e09af0066 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 08/08/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 1462462e93..1e940e8137 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 08/08/2018 -localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index e766991a5a..2783e1edb2 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 3ff66496cf..f76e952f71 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/15/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md index 6d41dd0d2a..6f1c74f23f 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 52503527a1..3de2479c2a 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/11/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index f02c43a630..437815bd4a 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 06c7985b9c..3b2125c461 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -6,8 +6,13 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 2c82639fdb..787a6cfba1 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -6,10 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 12/18/2018 -ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Limitations while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 4005e8742f..ecb1b8af14 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md index 6baff2c026..b577d9e9e5 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index e160720d9f..eca0d84acb 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 49ed1d9865..5768cd40ed 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index ea566d653b..4af9ce947b 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index fda5027ad2..b00cdeb40f 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 49ceafd5b2..4f4a47aff3 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/07/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index b971c3a054..13b9c07410 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 8bb9b2c5d5..6574cf15e2 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -8,10 +8,14 @@ ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 10/15/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Fine-tune Windows Information Protection (WIP) with WIP Learning diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 0f53d4d147..cb808fca31 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -304,66 +304,6 @@ ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md) ####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md) -##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md) -#######Actor (deprecated) -######## [Get actor information (deprecated)](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md) -######## [Get actor related alerts (deprecated)](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -#######Alerts (deprecated) -######## [Get alerts (deprecated)](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md) -######## [Get alert information by ID (deprecated)](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -######## [Get alert related actor information (deprecated)](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related domain information (deprecated)](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related file information (deprecated)](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related IP information (deprecated)](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related machine information (deprecated)](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -#######Domain (deprecated) -######## [Get domain related alerts (deprecated)](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get domain related machines (deprecated)](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get domain statistics (deprecated)](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -######## [Is domain seen in organization (deprecated)](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -#######File(deprecated) -######## [Block file (deprecated)](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) -######## [Get file information (deprecated)](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md) -######## [Get file related alerts (deprecated)](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get file related machines (deprecated)](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get file statistics (deprecated)](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md) -######## [Get FileActions collection (deprecated)](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md) -######## [Unblock file (deprecated)](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md) - -#######IP (deprecated) -######## [Get IP related alerts (deprecated)](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get IP related machines (deprecated)](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get IP statistics (deprecated)](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md) -######## [Is IP seen in organization (deprecated)](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md) -#######Machines (deprecated) -######## [Collect investigation package (deprecated)](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md) -######## [Find machine information by IP (deprecated)](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineAction object (deprecated)](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineActions collection (deprecated)](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machine by ID (deprecated)](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md) -######## [Get machine log on users (deprecated)](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -######## [Get machine related alerts (deprecated)](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get MachineAction object (deprecated)](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get MachineActions collection (deprecated)](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get package SAS URI (deprecated)](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md) -######## [Isolate machine (deprecated)](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md) -######## [Release machine from isolation (deprecated)](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md) -######## [Remove app restriction (deprecated)](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Request sample (deprecated)](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md) -######## [Restrict app execution (deprecated)](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Run antivirus scan (deprecated)](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) -######## [Stop and quarantine file (deprecated)](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -#######User (deprecated) -######## [Get alert related user information (deprecated)](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -######## [Get user information (deprecated)](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md) -######## [Get user related alerts (deprecated)](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get user related machines (deprecated)](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) - #####Windows updates (KB) info ###### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) @@ -371,22 +311,14 @@ ###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) - - - - - - - ##### API for custom alerts ###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -####### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -####### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -####### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -####### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) +###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) +###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) +###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 028116204e..d81a0d9707 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -106,7 +106,7 @@ Create custom threat intelligence and use a powerful search and query tool to hu Integrate Windows Defender Advanced Threat Protection into your existing workflows. - [Onboarding](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md) - [API and SIEM integration](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) -- [Exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) +- [Exposed APIs](windows-defender-atp/use-apis.md) - [Role-based access control (RBAC)](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) - [Reporting and trends](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 8cf2a7e7c6..f89dbc8e24 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -298,98 +298,16 @@ ###### Multiple APIs ####### [PowerShell](exposed-apis-full-sample-powershell.md) ###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### [Use the Windows Defender ATP exposed APIs (deprecated)](exposed-apis-windows-defender-advanced-threat-protection.md) -##### [Supported Windows Defender ATP APIs (deprecated)](supported-apis-windows-defender-advanced-threat-protection.md) -######Actor (deprecated) -####### [Get actor information (deprecated)](get-actor-information-windows-defender-advanced-threat-protection.md) -####### [Get actor related alerts (deprecated)](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -######Alerts (deprecated) -####### [Get alerts (deprecated)](get-alerts-windows-defender-advanced-threat-protection.md) -####### [Get alert information by ID (deprecated)](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -####### [Get alert related actor information (deprecated)](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related domain information (deprecated)](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related file information (deprecated)](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related IP information (deprecated)](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related machine information (deprecated)](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain (deprecated) -####### [Get domain related alerts (deprecated)](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines (deprecated)](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics (deprecated)](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization (deprecated)](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -######File(deprecated) -####### [Block file (deprecated)](block-file-windows-defender-advanced-threat-protection.md) -####### [Get file information (deprecated)](get-file-information-windows-defender-advanced-threat-protection.md) -####### [Get file related alerts (deprecated)](get-file-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get file related machines (deprecated)](get-file-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get file statistics (deprecated)](get-file-statistics-windows-defender-advanced-threat-protection.md) -####### [Get FileActions collection (deprecated)](get-fileactions-collection-windows-defender-advanced-threat-protection.md) -####### [Unblock file (deprecated)](unblock-file-windows-defender-advanced-threat-protection.md) - -######IP (deprecated) -####### [Get IP related alerts (deprecated)](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get IP related machines (deprecated)](get-ip-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get IP statistics (deprecated)](get-ip-statistics-windows-defender-advanced-threat-protection.md) -####### [Is IP seen in organization (deprecated)](is-ip-seen-org-windows-defender-advanced-threat-protection.md) -######Machines (deprecated) -####### [Collect investigation package (deprecated)](collect-investigation-package-windows-defender-advanced-threat-protection.md) -####### [Find machine information by IP (deprecated)](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineAction object (deprecated)](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineActions collection (deprecated)](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machine by ID (deprecated)](get-machine-by-id-windows-defender-advanced-threat-protection.md) -####### [Get machine log on users (deprecated)](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -####### [Get machine related alerts (deprecated)](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get MachineAction object (deprecated)](get-machineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get MachineActions collection (deprecated)](get-machineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get package SAS URI (deprecated)](get-package-sas-uri-windows-defender-advanced-threat-protection.md) -####### [Isolate machine (deprecated)](isolate-machine-windows-defender-advanced-threat-protection.md) -####### [Release machine from isolation (deprecated)](unisolate-machine-windows-defender-advanced-threat-protection.md) -####### [Remove app restriction (deprecated)](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Request sample (deprecated)](request-sample-windows-defender-advanced-threat-protection.md) -####### [Restrict app execution (deprecated)](restrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Run antivirus scan (deprecated)](run-av-scan-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine file (deprecated)](stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -######User (deprecated) -####### [Get alert related user information (deprecated)](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -####### [Get user information (deprecated)](get-user-information-windows-defender-advanced-threat-protection.md) -####### [Get user related alerts (deprecated)](get-user-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get user related machines (deprecated)](get-user-related-machines-windows-defender-advanced-threat-protection.md) - - - - - - - - - - - - - - - - - - - - - #### API for custom alerts ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) -###### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) -###### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) -###### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) #### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 08d856647a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Block file API -description: Use this API to blocking files from being running in the organization. -keywords: apis, graph api, supported apis, block file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Block file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Prevent a file from being executed in the organization using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/block -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block -Content-type: application/json -{ - "Comment": "Block file due to alert 32123" -} - - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6260351a2c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Collect investigation package API -description: Use this API to create calls related to the collecting an investigation package from a machine. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Collect investigation package API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Collect investigation package from a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/collectInvestigationPackage -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | Text | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage -Content-type: application/json -{ - "Comment": "Collect forensics due to alert 1234" -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "c9042f9b-8483-4526-87b5-35e4c2532223", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Collect forensics due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:09:24.1785079Z", - "lastUpdateTimeUtc": "2017-12-04T12:09:24.1785079Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5fd529d286..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Use the Windows Defender Advanced Threat Protection exposed APIs -description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/23/2017 ---- - -# Use the Windows Defender ATP exposed APIs (deprecated) - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - -Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). - -In general, you’ll need to take the following steps to use the APIs: -- Create an app -- Get an access token -- Run queries on the graph API - -### Before you begin -Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a native app to use for the adhoc queries. - -## Create an app - -1. Log on to [Azure](https://portal.azure.com). - -2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. - - ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) - -3. In the Create window, enter the following information then click **Create**. - - ![Image of Create application window](images/atp-azure-create.png) - - - **Name:** WinATPGraph - - **Application type:** Native - - **Redirect URI:** `https://localhost` - - -4. Navigate and select the newly created application. - ![Image of new app in Azure](images/atp-azure-atp-app.png) - -5. Click **All settings** > **Required permissions** > **Add**. - - ![Image of All settings, then required permissions](images/atp-azure-required-permissions.png) - -6. Click **Select an API** > **Microsoft Graph**, then click **Select**. - - ![Image of API access and API selection](images/atp-azure-api-access.png) - - -7. Click **Select permissions** and select **Sign in and read user profile** then click **Select**. - - ![Image of select permissions](images/atp-azure-select-permissions.png) - -You can now use the code snippets in the following sections to query the API using the created app ID. - -## Get an access token -1. Get the Client ID from the application you created. - -2. Use the **Client ID**. For example: - ``` - private const string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - private const string resourceId = "https://graph.microsoft.com"; - private const string clientId = "{YOUR CLIENT ID/APP ID HERE}"; - private const string redirect = "https://localhost"; - HttpClient client = new HttpClient(); - AuthenticationContext auth = new AuthenticationContext(authority); - var token = auth.AcquireTokenAsync(resourceId, clientId, new Uri(redirect), new PlatformParameters(PromptBehavior.Auto)).Result; - client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.AccessTokenType, token.AccessToken); - ``` - -## Query the graph -Once the bearer token is retrieved, you can easily invoke the graph APIs. For example: - -``` -client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); -// sample endpoint -string ep = @"https://graph.microsoft.com/{VERSION}/alerts?$top=5"; -HttpResponseMessage response = client.GetAsync(ep).Result; -string resp = response.Content.ReadAsStringAsync().Result; -Console.WriteLine($"response for: {ep} \r\n {resp}"); -``` - - -## Related topics -- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 31dd495489..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Find machine information by internal IP API -description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP. -keywords: ip, apis, graph api, supported apis, find machine, machine information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 07/25/2018 ---- - -# Find machine information by internal IP API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Find a machine entity around a specific timestamp by internal IP. - ->[!NOTE] ->The timestamp must be within the last 30 days. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/find(timestamp={time},key={IP}) -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61') -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - -The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp. - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb", - "computerDnsName": "", - "firstSeen": "2017-07-06T01:25:04.9480498Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9a091b8391..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get actor information API -description: Retrieves an actor information report. -keywords: apis, graph api, supported apis, get, actor, information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - - -# Get actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves an actor information report. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and actor exists - 200 OK. -If actor does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index bd46788176..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Get actor related alerts API -description: Retrieves all alerts related to a given actor. -keywords: apis, graph api, supported apis, get, actor, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get actor related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all alerts related to a given actor. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If actor does not exist or no related alerts - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 3, - "value": [ - { - "id": "636390437845006321_-1646055784", - "severity": "Medium", - "status": "Resolved", - "description": "Malware associated with ZINC has been detected.", - "recommendedAction": "1.\tContact your incident response team.", - "alertCreationTime": "2017-08-23T00:09:43.9057955Z", - "category": "Malware", - "title": "Malware associated with the activity group ZINC was discovered", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 99122fe355..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert information by ID API -description: Retrieves an alert by its ID. -keywords: apis, graph api, supported apis, get, alert, information, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert information by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves an alert by its ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If alert not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts/$entity", - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope.", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6fbf1c4597..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get alert related actor information API -description: Retrieves the actor information related to the specific alert. -keywords: apis, graph api, supported apis, get, alert, actor, information, related -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the actor information related to the specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/actor -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and actor exist - 200 OK. -If alert not found or actor not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/actor -Content-type: application/json - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 232626e443..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related domain information -description: Retrieves all domains related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related domain -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related domain information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecatedinformation](deprecate.md)] - - - -Retrieves all domains related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/domains -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and domain exist - 200 OK. -If alert not found or domain not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains", - "value": [ - { - "host": "www.example.com" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index aac3ca91b8..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related files information -description: Retrieves all files related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related files -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related files information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all files related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/files -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and files exist - 200 OK. -If alert not found or files not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files", - "value": [ - { - "sha1": "121c7060dada38275d7082a4b9dc62641b255c36", - "sha256": "c815e0abb8273ba4ea6ca92d430d9e4d065dbb52877a9ce6a8371e5881bd7a94", - "md5": "776c970dfd92397b3c7d74401c85cd40", - "globalPrevalence": null, - "globalFirstObserved": null, -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index c90e325cd2..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related IP information -description: Retrieves all IPs related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related ip -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related IP information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all IPs related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/ips -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and an IP exist - 200 OK. -If alert not found or IPs not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips", -"value": [ - { - "id": "104.80.104.128" - }, - { - "id": "23.203.232.228 -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9d2b5d8a54..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get alert related machine information -description: Retrieves all machines related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related machine information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all machines related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/machine -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and machine exist - 200 OK. -If alert not found or machine not found - 404 Not Found. - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "207575116e44741d2b22b6a81429b3ca4fd34608", - "computerDnsName": "machine1-corp.contoso.com", - "firstSeen": "2015-12-01T11:31:53.7016691Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0f7a062536..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get alert related user information -description: Retrieves the user associated to a specific alert. -keywords: apis, graph api, supported apis, get, alert, information, related, user -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves the user associated to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/user -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and a user exists - 200 OK. -If alert not found or user not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4\\DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountSid": null, - "accountName": "DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountDomainName": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4fd7bfe798..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get alerts API -description: Retrieves top recent alerts. -keywords: apis, graph api, supported apis, get, alerts, recent -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves top recent alerts. - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alerts exists - 200 OK. -If no recent alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/alerts?$skip=5000", - "value": [ - { - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 056e7fcffd..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Get domain related alerts API -description: Retrieves a collection of alerts related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of alerts related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and alert exists - 200 OK. -If domain or alert does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 45f5bbd0c4..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get domain related machines API -description: Retrieves a collection of machines related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of machines related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and machine exists - 200 OK. -If domain or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ad4cf3a27b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get domain statistics API -description: Retrieves the prevalence for the given domain. -keywords: apis, graph api, supported apis, get, domain, domain related machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the prevalence for the given domain. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.graph.InOrgDomainStats", - "host": "example.com", - "orgPrevalence": "4070", - "orgFirstSeen": "2017-07-30T13:23:48Z", - "orgLastSeen": "2017-08-29T13:09:05Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ca11fae786..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get file information API -description: Retrieves a file by identifier Sha1, Sha256, or MD5. -keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5 -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a file by identifier Sha1, Sha256, or MD5. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files/$entity", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "sha256": "34fcb083cd01b1bd89fc467fd3c2cd292de92f915a5cb43a36edaed39ce2689a", - "md5": "d387a06cd4bf5fcc1b50c3882f41a44e", - "globalPrevalence": 40790196, -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index d1f066091d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get file related alerts API -description: Retrieves a collection of alerts related to a given file hash. -keywords: apis, graph api, supported apis, get, file, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and alert exists - 200 OK. -If file or alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a8650d806c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get file related machines API -description: Retrieves a collection of machines related to a given file hash. -keywords: apis, graph api, supported apis, get, machines, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and machines exists - 200 OK. -If file or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0e85bdd5e1..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get file statistics API -description: Retrieves the prevalence for the given file. -keywords: apis, graph api, supported apis, get, file, statistics -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Retrieves the prevalence for the given file. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "orgPrevalence": "106398", - "orgFirstSeen": "2017-07-30T13:29:50Z", - "orgLastSeen": "2017-08-29T13:29:31Z", - "topFileNames": [ - "chrome.exe", - "old_chrome.exe" - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 86719d8e4d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Get FileActions collection API -description: Use this API to create calls related to get fileactions collection -keywords: apis, graph api, supported apis, get, file, information, fileactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets collection of actions done on files. Get FileActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/fileactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileAction objects. - ->[!NOTE] ->Although Block and Unblock actions are under FileAction category, this API only returns the Block actions on files that are currently blocked. For example, a file that is blocked and then unblocked will not be seen on this API. - - - -## Example - -**Request** - -Here is an example of the request on an organization that has three FileActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/fileactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 16d879ad08..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Get FileMachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, filemachineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets file and machine actions. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *FileMachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions/3dc88ce3-dd0c-40f7-93fc-8bd14317aab6 -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "3dc88ce3-dd0c-40f7-93fc-8bd14317aab6", - "sha1": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1104", - "status": "Succeeded", - "fileId": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "machineId": "61a2d326d2190d048950406b54af23416118094a", - "creationDateTimeUtc": "2017-09-06T08:04:06.1994034Z", - "lastUpdateDateTimeUtc": "2017-09-06T08:05:46.9200942Z", - "fileInstances": [ - { - "filePath": "C:\\tools\\PE\\7f06a650-040b-4774-bb39-5264ea9e93fa.exe", - "status": "Succeeded" - } - ] -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6ff6b4a661..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: Get FileMachineActions collection API -description: Use this API to create calls related to get filemachineactions collection -keywords: apis, graph api, supported apis, filemachineactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get collection of file and machine actions. Get FileMachineActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileMachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - - -``` - -##Example 2 - -**Request** - -Here is an example of a request that filters the FileMachineActions by machine ID and shows the latest two FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - -**Response** - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions", - "value": [ - { - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:15:07.1639963Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "Succeeded" - }, - { - "filePath": "C:\\Users\\ testUser \\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "Succeeded" - }, - ] - }, - { - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:40:01.1094743Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "Succeeded" - } - ] - } - ] -} -``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fa65c52796..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get IP related alerts API -description: Retrieves a collection of alerts related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and alert exists - 200 OK. -If IP and alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 756cbde8ab..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Get IP related machines API -description: Retrieves a collection of machines related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related machines API -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and machines exists - 200 OK. If IP or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 01e4b54211..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get IP statistics API -description: Retrieves the prevalence for the given IP. -keywords: apis, graph api, supported apis, get, ip, statistics, prevalence -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP statistics API - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - -Retrieves the prevalence for the given IP. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", - "ipAddress": "192.168.1.1", - "orgPrevalence": "63515", - "orgFirstSeen": "2017-07-30T13:36:06Z", - "orgLastSeen": "2017-08-29T13:32:59Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 70f7ef1f4c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine by ID API -description: Retrieves a machine entity by ID. -keywords: apis, graph api, supported apis, get, machines, entity, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a machine entity by ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1b5ab3844f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine log on users API -description: Retrieves a collection of logged on users. -keywords: apis, graph api, supported apis, get, machine, log on, users -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine log on users API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of logged on users. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/logonusers -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and user exist - 200 OK. -If no machine found or no users found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users", - "value": [ - { - "id": "m", - "accountSid": null, - "accountName": "", - "accountDomainName": "northamerica", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 42bdf1c86f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get machine related alerts API -description: Retrieves a collection of alerts related to a given machine ID. -keywords: apis, graph api, supported apis, get, machines, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given machine ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and alert exists - 200 OK. -If no machine or no alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 1, - "value": [ - { - "id": "636396066728379047_-395412459", - "severity": "Medium", - "status": "New", - "description": "A reverse shell created from PowerShell was detected. A reverse shell allows an attacker to access the compromised machine without authenticating.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5d17696c39..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get MachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, machineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get actions done on a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *MachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index b0b763756d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Get MachineActions collection API -description: Use this API to create calls related to get machineactions collection -keywords: apis, graph api, supported apis, machineaction collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - Gets collection of actions done on machines. Get MachineAction collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of MachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - }, - { - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:16:14.2899973Z" - } - ] -} - - -``` - -## Example 2 - -**Request** - -Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - - - -**Response** - -Here is an example of the response. - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - } - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index af20fa7c3a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get machines API -description: Retrieves a collection of recently seen machines. -keywords: apis, graph api, supported apis, get, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of recently seen machines. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machines exists - 200 OK. -If no recent machines - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/machines?$skip=5000", - "value": [ - { - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 929c85a45a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Get package SAS URI API -description: Use this API to get a URI that allows downloading an investigation package. -keywords: apis, graph api, supported apis, get package, sas, uri -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get package SAS URI API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Get a URI that allows downloading of an investigation package. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id}/getPackageUri -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with object that holds the link to the package in the “value” parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json - -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Edm.String", - "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9301b0a805..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get user information API -description: Retrieve a User entity by key such as user name or domain. -keywords: apis, graph api, supported apis, get, user, user information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieve a User entity by key (user name or domain\user). - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "", - "accountSid": null, - "accountName": "", - "accountDomainName": "", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4884ead11f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get user related alerts API -description: Retrieves a collection of alerts related to a given user ID. -keywords: apis, graph api, supported apis, get, user, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/15/2018 ---- - -# Get user related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and alert exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0a0c740329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get user related machines API -description: Retrieves a collection of machines related to a given user ID. -keywords: apis, graph api, supported apis, get, user, user related alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and machine exists - 200 OK. -If user or machine does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f2f3f599ed..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Is domain seen in org API -description: Use this API to create calls related to checking whether a domain was seen in the organization. -keywords: apis, graph api, supported apis, domain, domain seen -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 04/24/2018 ---- - -# Is domain seen in org (deprecated) -Answers whether a domain was seen in the organization. - -[!include[Deprecatedinformation](deprecate.md)] - - - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains/$entity", - "host": "example.com" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0b86cc08b7..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Is IP seen in org API -description: Answers whether an IP was seen in the organization. -keywords: apis, graph api, supported apis, is, ip, seen, org, organization -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Is IP seen in org (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Answers whether an IP was seen in the organization. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP exists - 200 OK. -If IP do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips/$entity", - "id": "192.168.1.1" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fbff79456d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Isolate machine API -description: Use this API to create calls related isolating a machine. -keywords: apis, graph api, supported apis, isolate machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Isolate machine API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Isolates a machine from accessing external network. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/isolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -IsolationType | IsolationType | Full or selective isolation - -**IsolationType** controls the type of isolation to perform and can be one of the following: -- Full – Full isolation -- Selective – Restrict only limited set of applications from accessing the network - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/isolate -Content-type: application/json -{ - "Comment": "Isolate machine due to alert 1234", - “IsolationType”: “Full” -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "b89eb834-4578-496c-8be0-03f004061435", - "type": "Isolate", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Isolate machine due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:12:18.9725659Z", - "lastUpdateTimeUtc": "2017-12-04T12:12:18.9725659Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 953abcfa6f..8a0deb4397 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md @@ -61,7 +61,7 @@ Managed security service provider | Get a quick overview on managed security ser ## Related topics - [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +- [Use the Windows Defender ATP exposed APIs](use-apis.md) - [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) - [Role-based access control](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4d7432ff2f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Request sample API -description: Use this API to create calls related to requesting a sample from a machine. -keywords: apis, graph api, supported apis, request sample -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Request sample API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/requestSample -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to upload to the secure storage. **Required**. - -## Response -If successful, this method returns 201, Created response code and *FileMachineAction* object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/requestSample -Content-type: application/json -{ - "Comment": "Request Sample on machine due to alert 32123", - "Sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "InProgress", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "InProgress" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 3f75d91bd0..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Restrict app execution API -description: Use this API to create calls related to restricting an application from executing. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Restrict app execution API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Restrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/restrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/restrictCodeExecution -Content-type: application/json -{ - "Comment": "Restrict code execution due to alert 1234" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "78d408d1-384c-4c19-8b57-ba39e378011a", - "type": "RestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Restrict code execution due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:04.3825985Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:04.3825985Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 8ed75cb329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Run antivirus scan API -description: Use this API to create calls related to running an antivirus scan on a machine. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Run antivirus scan API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Initiate Windows Defender Antivirus scan on the machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/runAntiVirusScan -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -ScanType| ScanType | Defines the type of the Scan. **Required**. - -**ScanType** controls the type of scan to perform and can be one of the following: - -- **Quick** – Perform quick scan on the machine -- **Full** – Perform full scan on the machine - - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/runAntiVirusScan -Content-type: application/json -{ - "Comment": "Check machine for viruses due to alert 3212", - “ScanType”: “Full” -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:27.1293487Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f3b54eaefe..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Stop and quarantine file API -description: Use this API to create calls related to stopping and quarantining a file. -keywords: apis, graph api, supported apis, stop, quarantine, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Stop and quarantine file API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Stop execution of a file on a machine and ensure it’s not executed again on that machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/stopAndQuarantineFile -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**. - -## Response -If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/stopAndQuarantineFile -Content-type: application/json -{ - "Comment": "Stop and quarantine file on machine due to alert 32123", - "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Stop and quarantine file on machine due to alert 32123", - "status": "InProgress", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:13:58.8098277Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "InProgress" - }, - { - "filePath": "C:\\Users\\testUser\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "InProgress" - }, - ] - } - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a01fb9ed2b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Supported Windows Defender Advanced Threat Protection query APIs -description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 09/03/2018 ---- - -# Supported Windows Defender ATP query APIs (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. - -## In this section -Topic | Description -:---|:--- -Actor | Run API calls such as get actor information and get actor related alerts. -Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information. -Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization. -File | Run API calls such as get file information, file related alerts, file related machines, and file statistics. -IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. -Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. -User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. -KbInfo | Run API call that gets list of Windows KB's information -CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's -MachineSecurityStates | Run API call that gets list of machines with their security properties and versions -MachineGroups | Run API call that gets list of machine group definitions \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1736e61abf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Unblock file API -description: Use this API to create calls related to allowing a file to be executed in the organization -keywords: apis, graph api, supported apis, unblock file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Unblock file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Allow a file to be executed in the organization, using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/unblock -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock -Content-type: application/json -{ - "Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm", -} -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "UnBlock", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 75c9b7f246..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Release machine from isolation API -description: Use this API to create calls related to release a machine from isolation. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Release machine from isolation API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Undo isolation of a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unisolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unisolate -Content-type: application/json -{ - "Comment": "Unisolate machine since it was clean and validated" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "09a0f91e-a2eb-409d-af33-5577fe9bd558", - "type": "Unisolate", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unisolate machine since it was clean and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:13:15.0104931Z", - "lastUpdateTimeUtc": "2017-12-04T12:13:15.0104931Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 413288c9bf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Remove app restriction API -description: Use this API to create calls related to removing a restriction from applications from executing. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Remove app restriction API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Unrestrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unrestrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution -Content-type: application/json -{ - "Comment": "Unrestrict code execution since machine was cleaned and validated" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unrestrict code execution since machine was cleaned and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:40.6052029Z" -} - - -```