From bfac67f33e21e365f987b799a860d3c978ad8fb4 Mon Sep 17 00:00:00 2001
From: Ben Alfasi
Date: Thu, 27 Sep 2018 15:29:51 +0300
Subject: [PATCH] s
---
 windows/security/threat-protection/TOC.md | 1 +
 .../windows-defender-atp/TOC.md | 1 +
 ...defender-advanced-threat-protection-new.md | 6 +-
 ...defender-advanced-threat-protection-new.md | 100 ++++++++++++++++++
 4 files changed, 105 insertions(+), 3 deletions(-)
 create mode 100644 windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 204c70c03a..c0557b023b 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -320,6 +320,7 @@
 ######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
 ######## [Add or Remove machine tags](windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
+######## [Find machines by IP](windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
 ####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
 ######## [List MachineActions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index 82189e4b5a..512fee13c9 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -317,6 +317,7 @@
 ####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
 ####### [Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
+####### [Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
 ###### [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md)
 ####### [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
index ce6b1f362e..65ac87525b 100644
--- a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
@@ -19,7 +19,7 @@ ms.date: 12/08/2017
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Adds or remove tag to a specific machine.
+- Adds or remove tag to a specific machine.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
@@ -80,9 +80,9 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity",
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
 "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
- "computerDnsName": "mymachine2.contoso.com",
+ "computerDnsName": "mymachine55.contoso.com",
 "firstSeen": "2018-07-31T14:20:55.8223496Z",
 "lastSeen": "2018-09-27T08:44:05.6228836Z",
 "osPlatform": "Windows10",
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
new file mode 100644
index 0000000000..c2a99efc69
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
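Review bot: The `@odata.context` value on the edited line now reads `$metadata#Machine/$entity`, while the new Find-machines-by-IP page added in this same commit uses `$metadata#Machines` for its collection response; OData context URLs are conventionally built from the entity set name, so the single-entity form would be `#Machines/$entity` — the value this line replaced. If the service genuinely emits the singular form for a single machine, the two pages should still be made to agree and a short note on the page should say so; otherwise keep `"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity",`.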
@@ -0,0 +1,100 @@
+---
+title: Find machines by IP API
+description: Find machines seen with IP in the time range of 15 minutes prior and after a given timestamp
+keywords: apis, graph api, supported apis, get, machine, IP, find, find machine, by ip, ip
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# Find machines by IP
+
+[!include[Prerelease information](prerelease.md)]
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- Find machines seen with IP in the time range of 15 minutes prior and after a given timestamp
+- The given timestamp must be in the past 30 days.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Machine.Read.All | 'Read all machine profiles'
+Application | Machine.ReadWrite.All | 'Read and write all machine information'
+Delegated (work or school account) | Machine.Read | 'Read machine information'
+Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
+
+## HTTP request
+```
+GET /api/machines/findbyip(ip='{IP}',timestamp={TimeStamp})
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful and machines were found - 200 OK with list of the machines in the response body.
+If no machine found - 404 Not Found.
+If the timestamp is not in the past 30 days - 400 Bad Request.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+[!include[Improve request performance](improverequestperformance-new.md)]
+
+```
+GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+ "value": [
+ {
+ "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
+ "computerDnsName": "mymachine33.contoso.com",
+ "firstSeen": "2018-07-31T14:20:55.8223496Z",
+ "lastSeen": null,
+ "osPlatform": "Windows10",
+ "osVersion": null,
+ "lastIpAddress": "10.248.240.38",
+ "lastExternalIpAddress": "167.220.2.166",
+ "agentVersion": "10.3720.16299.98",
+ "osBuild": 16299,
+ "healthStatus": "Active",
+ "isAadJoined": true,
+ "machineTags": [],
+ "rbacGroupId": 75,
+ "riskScore": "Medium",
+ "aadDeviceId": null
+ }
+ ]
+}
+```
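Review bot: The `{IP}` and `{TimeStamp}` placeholders in the new page's `## HTTP request` line are never defined — the page documents the `Authorization` header but has no URI-parameter table, so a caller cannot tell the expected timestamp format (the example uses `2018-09-22T08:44:05Z`) or whether `ip` accepts anything other than the dotted IPv4 form shown. I would add a `## Request URI parameters` table directly after the HTTP request section with the rows `ip | String | The IP address to search for. **Required**.` and `timestamp | String | The timestamp to search around, in the ISO 8601 UTC form shown in the example; must be within the past 30 days. **Required**.` The `## Response` section also states that 404 is returned when no machine is found while the 200 body is a `value` collection, so a sentence saying the collection is never returned empty would keep clients from checking for `"value": []`. The sample response's `"lastSeen": null` sits oddly next to a query that by definition matched a machine seen inside the window — if that is a real service response it deserves a word of explanation, otherwise a populated value like the one on the machine-tags page (`"lastSeen": "2018-09-27T08:44:05.6228836Z"`) would be less confusing. Separately, `ms.date: 12/08/2017` in the front matter predates this new page (the patch is dated 27 Sep 2018) and looks copied from a template, so it should be refreshed.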