David Laufer 2018-07-29 17:39:59 +03:00
parent 97fde0fc12
commit b4bf8944b6
3 changed files with 10 additions and 7 deletions

View File

@ -100,7 +100,7 @@
### [**Beta!** Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md)
#### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection-new.md)
##### [Advanced Hunting](run-advanced-query-windows-defender-advanced-threat-protection.md)
#### [Examples how to use APIs]
#### How to use APIs - Samples
##### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-windows-defender-advanced-threat-protection-sample-ms-flow.md)
##### [Advanced Hunting using PowerShell](run-advanced-query-windows-defender-advanced-threat-protection-sample-powershell.md)
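Review bot: the new "#### How to use APIs - Samples" heading is the only level-four entry in this TOC hunk without a link target, while its sibling "#### [Supported Windows Defender ATP APIs](...)" is linked; if an overview page for the samples exists, link it, otherwise check that a bare heading renders the way the TOC expects. Also, "Schedule advanced Hunting using Microsoft Flow" capitalises "Hunting" but not "advanced", unlike "Advanced Hunting" two lines above; use "Advanced Hunting" consistently across the three sample entries.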

View File

@ -68,7 +68,7 @@ This is an example only, you could perform on your results any other action supp
- Add an 'Insert row' action you will need to supply the connection details
- Select the table you want to update and define the mapping between the WD-ATP output to the SQL. Note it is possible to manipulate the data inside the flow. In the example I changed the type of the EventTime.
![Image of select from DB](images/ms-flow-insert-db.png)
![Image of insert into DB](images/ms-flow-insert-db.png)
The output in the SQL DB is getting updates and can be used for correlation with other data sources. You can now read from your table:
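Review bot: the alt-text change is right (the second figure was labelled "select from DB" for the insert screenshot), but both image references still point at the same file images/ms-flow-insert-db.png, so confirm that a separate "select" screenshot is not missing. Two wording points in the unchanged context: "Add an 'Insert row' action you will need to supply the connection details" runs two sentences together (suggest "Add an 'Insert row' action; you will need to supply the connection details"), and "the mapping between the WD-ATP output to the SQL" should read "between the WD-ATP output and the SQL table". Since this flow writes hunting results into a database, the connection details supplied here should be a SQL login limited to INSERT on the target table rather than an administrative account.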
@ -76,7 +76,7 @@ The output in the SQL DB is getting updates and can be used for correlation with
You can find below the full definition
![Image of select from DB](images/ms-flow-e2e.png)
![Image of E2E flow](images/ms-flow-e2e.png)
## Related topic
- [Advanced Hunting API](run-advanced-query-windows-defender-advanced-threat-protection.md)
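Review bot: the "Image of E2E flow" alt text now matches the file name, which fixes the copy-paste from the previous figure. In the unchanged context, "You can find below the full definition" still lacks a terminating colon; make it "You can find the full definition below:" so it matches the "You can now read from your table:" sentence that introduces the earlier figure.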

View File

@ -26,11 +26,13 @@ In this section we share PowerShell samples to retrieve a token and use it to ru
```
Set-ExecutionPolicy -ExecutionPolicy Bypass
```
>For more details, refer to [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy)
## Get token
- Run
- Run the below
```
$tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID here
$appId = '00000000-0000-0000-0000-000000000000' # Paste your own app ID here
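Review bot: removing the duplicated "- Run" bullet is correct, but the unchanged context still tells readers to run "Set-ExecutionPolicy -ExecutionPolicy Bypass" with no scope, which persistently changes the policy for the current user or machine; suggest "Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process" (or RemoteSigned) so the relaxation applies only to the session that runs the sample. Both code fences in this hunk are untagged; tag them "powershell" so they highlight and the reader knows which shell is meant. The placeholder GUIDs are fine, but "Paste your own tenant ID here" would read better as "Replace with your own tenant ID".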
@ -48,6 +50,7 @@ $response = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $body -ErrorActi
$aadToken = $response.access_token
```
where
- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
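Review bot: the new "where" list explains $tenantId and $appId but says nothing about $aadToken, which the hunk shows being kept in a plain variable; add a bullet stating that $aadToken is a bearer credential for the tenant's data and must not be written to logs, saved in scripts, or committed to source control. The "i.e." clause on the $tenantId bullet is long; "the query runs against this tenant's data" says the same thing. The $appId bullet should read "permission on WDATP" rather than "permission to WDATP", and the hunk mixes "WDATP", "WD-ATP" and "Windows Defender ATP"; pick one form.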