From 85b5baaf518047fb04ebf8a892d89276c7117cf1 Mon Sep 17 00:00:00 2001 From: illfated Date: Tue, 12 Nov 2019 01:41:37 +0100 Subject: [PATCH 1/3] MSDATP: merge Note into find-machines-by-ip.md Description: As discussed in issue ticket #5400 (included page "Improve request performance" title format & placement), I propose to merge the single Note stub from the file 'improve-request-performance.md' into the file 'find-machines-by-ip.md' and remove the linked include file. I have also added a few formatting improvements like MD quote indent marker compatibility spacing as well as replacing tabs with 4 spaces in the response code block and finally replacing tabs with single spaces in the Permissions table. Proposed changes: - move the MD Note down to directly after the request code block - replace the include link with the actual file content - change the MD heading format from H1 title size to H2 section heading - remove the include source file (redundant after including the Note) - replace all tabs with 4 spaces, for Github source view compatibility - reduce 4 spaces to single spaces in the Permissions table - add MD quote indent marker compatibility spacing to another Note issue ticket closure or reference: Closes #5400 --- .../find-machines-by-ip.md | 54 ++++++++++--------- .../improve-request-performance.md | 26 --------- 2 files changed, 30 insertions(+), 50 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 56e4cf24a6..d48ffeb2c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md 
@@ -29,17 +29,17 @@ The given timestamp must be in the past 30 days. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) -Permission type | Permission | Permission display name +Permission type | Permission | Permission display name :---|:---|:--- -Application | Machine.Read.All | 'Read all machine profiles' -Application | Machine.ReadWrite.All | 'Read and write all machine information' +Application | Machine.Read.All | 'Read all machine profiles' +Application | Machine.ReadWrite.All | 'Read and write all machine information' Delegated (work or school account) | Machine.Read | 'Read machine information' Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information' ->[!Note] +> [!Note] > When obtaining a token using user credentials: ->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) ->- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) +> - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) +> - Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) ## HTTP request ``` @@ -57,7 +57,7 @@ Empty ## Response If successful and machines were found - 200 OK with list of the machines in the response body. -If no machine found - 404 Not Found. +If no machine found - 404 Not Found. If the timestamp is not in the past 30 days - 400 Bad Request. ## Example 
@@ -66,12 +66,18 @@ If the timestamp is not in the past 30 days - 400 Bad Request. Here is an example of the request. -[!include[Improve request performance](improve-request-performance.md)] - ``` GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z) ``` +## Improve request performance + +> [!NOTE] +> You can use a server closer to your geolocation for better performance : +> - api-us.securitycenter.windows.com +> - api-eu.securitycenter.windows.com +> - api-uk.securitycenter.windows.com + **Response** Here is an example of the response. @@ -84,21 +90,21 @@ Content-type: application/json "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", - "computerDnsName": "mymachine1.contoso.com", - "firstSeen": "2018-08-02T14:55:03.7791856Z", - "lastSeen": "2018-09-22T08:55:03.7791856Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", - "lastIpAddress": "10.248.240.38", - "lastExternalIpAddress": "167.220.196.71", - "agentVersion": "10.5830.18209.1001", - "osBuild": 18209, - "healthStatus": "Active", - "rbacGroupId": 140, - "rbacGroupName": "The-A-Team", - "riskScore": "Low", - "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", - "machineTags": [ "test tag 1", "test tag 2" ] + "computerDnsName": "mymachine1.contoso.com", + "firstSeen": "2018-08-02T14:55:03.7791856Z", + "lastSeen": "2018-09-22T08:55:03.7791856Z", + "osPlatform": "Windows10", + "osVersion": "10.0.0.0", + "lastIpAddress": "10.248.240.38", + "lastExternalIpAddress": "167.220.196.71", + "agentVersion": "10.5830.18209.1001", + "osBuild": 18209, + "healthStatus": "Active", + "rbacGroupId": 140, + "rbacGroupName": "The-A-Team", + "riskScore": "Low", + "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9", + "machineTags": [ "test tag 1", "test tag 2" ] } ] } 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md b/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md deleted file mode 100644 index 880f5e4d11..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Improve request performance -description: Improve request performance -keywords: server, request, performance -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Improve request performance - - ->[!NOTE] ->For better performance, you can use server closer to your geo location: -> - api-us.securitycenter.windows.com -> - api-eu.securitycenter.windows.com -> - api-uk.securitycenter.windows.com \ No newline at end of file From e0747a05c12aeb98605c56aed2a3c3a3dc619f1b Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 12 Nov 2019 16:11:15 +0100 Subject: [PATCH 2/3] Update windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md - remove 2 unneeded commas Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/find-machines-by-ip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index d48ffeb2c4..ce180e32f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md 
@@ -39,7 +39,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine > [!Note] > When obtaining a token using user credentials: > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) -> - Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) +> - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) ## HTTP request ``` From 858925051c87407fe9d9be7211d4dfe6c4cf39cd Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 12 Nov 2019 16:16:18 +0100 Subject: [PATCH 3/3] Update windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md - remove a redundant blank space Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/find-machines-by-ip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index ce180e32f8..da798752be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -73,7 +73,7 @@ GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240. ## Improve request performance > [!NOTE] -> You can use a server closer to your geolocation for better performance : +> You can use a server closer to your geolocation for better performance: > - api-us.securitycenter.windows.com > - api-eu.securitycenter.windows.com > - api-uk.securitycenter.windows.com
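
Review bot: In PATCH 1/3, hunk `@@ -29,17 +29,17 @@` of find-machines-by-ip.md, the reindented alert keeps the marker as `> [!Note]`, while the alert added further down in the same patch uses `> [!NOTE]`. Since this line is already being touched for the quote-marker spacing, use one casing for both alerts in the file (the deleted include file used `[!NOTE]`).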
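
Review bot: In PATCH 1/3, hunk `@@ -66,12 +66,18 @@` of find-machines-by-ip.md, the new `## Improve request performance` heading is placed between the request code block and `**Response**`, so the response example now falls under the new H2 section instead of `## Example`. Either keep the Note at this position without a heading, or move the heading and Note below the response block so the request and response stay together under `## Example`.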
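
Review bot: PATCH 1/3 deletes improve-request-performance.md, but the diffstat shows find-machines-by-ip.md as the only page updated to drop `[!include[Improve request performance](improve-request-performance.md)]`. Before merging, confirm that no other page in this folder still includes the file, since any remaining include would point at a missing file. If other pages do reference it, update them in this series or keep the include file.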
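
Review bot: In PATCH 2/3, hunk `@@ -39,7 +39,7 @@`, the reworded bullet still reads "machines that the user have access to". As the line is being edited for punctuation anyway, change "have" to "has" in the same commit so the sentence does not need another follow-up fix.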