From b5ad72a81039c2e969fec8c76d6b67937cd4e654 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 27 Mar 2018 15:58:36 -0700 Subject: [PATCH] add ioc types to custom ti --- ...ndows-defender-advanced-threat-protection.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index c44eb648d5..05d249bdc3 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 10/16/2017 +ms.date: 03/27/2018 --- # Create custom alerts using the threat intelligence (TI) application program interface (API) @@ -184,6 +184,21 @@ Content-Type: application/json; ``` If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload. +The API currently supports the following IOC types: + +- Sha1 +- Sha256 +- Md5 +- FileName +- IpAddress +- DomainName + +And the following operators: + +- Equals +- StartWith +- EndWith +- Contains ## Bulk upload of alert definitions and IOCs Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`.
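Review bot: In the second hunk (@@ -184,6 +184,21 @@), the added line "The API currently supports the following IOC types:" comes directly after the context line "If successful, you should get a 201 CREATED response ..." with no empty line between them, so Markdown will fold it into that paragraph. Start the addition with an empty `+` line. Also confirm that an empty line separates `- Contains` from the `## Bulk upload of alert definitions and IOCs` heading. The two lists give bare names (Sha1, FileName, StartWith, EndWith and so on) without saying which property of the request payload takes them or whether the spelling and casing shown are the exact values the API accepts. Put the values in inline code formatting and name the field each list applies to. It would also help to state which operators are valid for which IOC types, since a reader cannot tell from the lists whether, for example, Contains is accepted for a Sha256 indicator or only for FileName and DomainName.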