From c33f51f67c28e02e5052b3ce9c24be67d21df891 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 25 Oct 2018 12:54:09 +0300 Subject: [PATCH] s --- windows/security/threat-protection/TOC.md | 6 +- .../windows-defender-atp/TOC.md | 4 +- ...defender-advanced-threat-protection-new.md | 77 +++++++++++++ ...defender-advanced-threat-protection-new.md | 14 +-- ...defender-advanced-threat-protection-new.md | 4 +- ...defender-advanced-threat-protection-new.md | 105 ------------------ 6 files changed, 91 insertions(+), 119 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md delete mode 100644 windows/security/threat-protection/windows-defender-atp/update-ti-indicator-windows-defender-advanced-threat-protection-new.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7bfd43887d..2a3bb8ddea 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -352,10 +352,10 @@ ######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md) ####### [Ti Indicator](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [Get TiIndicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) ######## [List TiIndicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) -######## [Submit TiIndicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) -######## [Update TiIndicator](windows-defender-atp/update-ti-indicator-windows-defender-advanced-threat-protection-new.md) +######## [Get TiIndicator by ID](windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) +######## [Submit or Update TiIndicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md) +######## [Delete TiIndicator](windows-defender-atp/delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) ###### How to use APIs - Samples ####### Advanced Hunting API diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 04c42b236f..5776de1442 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md 
@@ -290,8 +290,8 @@ ###### [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) ####### [List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) ####### [Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) -####### [Submit TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) -####### [Update TiIndicator](update-ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) +####### [Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) ##### How to use APIs - Samples ###### Advanced Hunting API diff --git a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md new file mode 100644 index 0000000000..bad34080f3 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md 
@@ -0,0 +1,77 @@ +--- +title: Delete Ti Indicator. +description: Deletes Ti Indicator entity by ID. +keywords: apis, public api, supported apis, delete, ti indicator, entity, id +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 12/08/2017 +--- + +# Delete Ti Indicator API + +[!include[Prerelease information](prerelease.md)] + +>[!Note] +> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information) + + +**Applies to:** + +- Windows Defender Advanced Threat Protection (Windows Defender ATP) +Retrieves a Ti Indicator entity by ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Ti.ReadWrite | 'Read and write Ti Indicators' + + +## HTTP request +``` +Delete https://api.securitycenter.windows.com/api/tiindicators/{id} +``` + +[!include[Improve request performance](improverequestperformance-new.md)] + + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful and machine exists - 204 OK without content. +If Ti Indicator with the specified id was not found - 404 Not Found. + +## Example + +**Request** + +Here is an example of the request. + +``` +DELETE https://api.securitycenter.windows.com/api/tiindicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f +``` + +**Response** + +Here is an example of the response. + + +``` +HTTP/1.1 204 NO CONTENT + +``` 
diff --git a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md index e6ca8b30aa..a947298374 100644 --- a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md @@ -1,7 +1,7 @@ --- -title: Submit Ti Indicator API -description: Use this API to submit Ti Indicator. -keywords: apis, graph api, supported apis, submit, ti, ti indicator +title: Submit or Update Ti Indicator API +description: Use this API to submit or Update Ti Indicator. +keywords: apis, graph api, supported apis, submit, ti, ti indicator, update search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -13,7 +13,7 @@ ms.localizationpriority: medium ms.date: 12/08/2017 --- -# Submit Ti Indicator API +# Submit or Update Ti Indicator API [!include[Prerelease information](prerelease.md)] @@ -25,7 +25,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -- Submits new [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +- Submits or Updates new [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. ## Permissions @@ -67,7 +67,7 @@ recommendedActions | String | Recommended actions for the indicator. ## Response -If successful, this method returns 201 - Created response code and the created [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) in the response body. +If successful, this method returns 200 - OK response code and the created / updated [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body. ## Example 
@@ -96,7 +96,7 @@ Content-type: application/json Here is an example of the response. ``` -HTTP/1.1 201 Created +HTTP/1.1 200 OK Content-type: application/json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity", diff --git a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md index 7591eb7ea2..36bff33024 100644 --- a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md 
@@ -24,8 +24,8 @@ Method|Return Type |Description :---|:---|:--- [List TiIndicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities. [Get TiIndicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. -[Submit TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. -[Update TiIndicator](update-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Updates [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +[Submit or Update TiIndicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. +[Delete TiIndicator](delete-ti-indicator-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. # Properties 
diff --git a/windows/security/threat-protection/windows-defender-atp/update-ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/update-ti-indicator-windows-defender-advanced-threat-protection-new.md deleted file mode 100644 index 39402786b5..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/update-ti-indicator-windows-defender-advanced-threat-protection-new.md +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -title: Update Ti Indicator -description: Updates a specific Ti Indicator -keywords: apis, public api, supported apis, patch, update, ti indicator, information, id -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -ms.date: 12/08/2017 ---- - -# Update TiIndicator - -[!include[Prerelease information](prerelease.md)] - ->[!Note] -> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information) - - -**Applies to:** - -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -- Update the properties of an alert entity. - -## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) - -Permission type | Permission | Permission display name -:---|:---|:--- -Application | Ti.ReadWrite | 'Read and write Ti Indicators' - - -## HTTP request -``` -PATCH https://api.securitycenter.windows.com/api/tiindicators/{id} -``` - -## Request headers - -Name | Type | Description -:---|:---|:--- -Authorization | String | Bearer {token}. **Required**. -Content-Type | String | application/json. **Required**. - - -## Request body -In the request body, supply the values for the relevant fields that should be updated.Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't change. - -Property | Type | Description -:---|:---|:--- -expirationTime | DateTimeOffset | The expiration time of the indicator. -title | String | Ti indicator title. -severity | Enum | The severity of the indicator. 
possible values are: "Informational", "Low", "Medium" and "High" -description | String | Description of the indicator. -recommendedActions | String | Recommended actions for the indicator. - -## Response -If successful, this method returns 200 - OK, and the updated [Ti Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. -In case of incorrect Body, the return type will be 400 - Bad request, with message that indicates the reason. -If the Ti Indicator is not exist, 404 - Not found. - - -## Example - -**Request** - -Here is an example of the request. - -[!include[Improve request performance](improverequestperformance-new.md)] - -``` -PATCH https://api.securitycenter.windows.com/api/tiindicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f -Content-Type: application/json -{ - "title": "Ben2", - "severity": "High", - "description": "test2", - "expirationTime": "2020-12-12T00:00:00Z" -} -``` - -**Response** - -Here is an example of the response. - -``` -{ - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#TiIndicators/$entity", - "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f", - "indicatorType": "FileSha1", - "title": "Ben2", - "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z", - "createdBy": "45097602-0cfe-4cc6-925f-9f453233e62c", - "expirationTime": "2020-12-12T00:00:00Z", - "action": "AlertAndBlock", - "severity": "High", - "description": "test", - "recommendedActions": "TEST2" -} -```
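Review bot: The "Delete TiIndicator" entry added to both windows/security/threat-protection/TOC.md and windows-defender-atp/TOC.md links to delete-ti-indicator-windows-defender-advanced-threat-protection-new.md, but the file this patch creates is delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md, so the link will not resolve. Either rename the new file or point both TOC entries at the -by-id name.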
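Review bot: In the new delete-ti-indicator-by-id page, the summary under "Applies to" reads "Retrieves a Ti Indicator entity by ID." and the Response section says "If successful and machine exists - 204 OK without content"; both look copied from other pages and describe the wrong operation and entity. Suggest "Deletes a Ti Indicator entity by ID." and "If the Ti Indicator exists and was deleted - 204 No Content", which also agrees with the example response "HTTP/1.1 204 NO CONTENT". The HTTP request block spells the method "Delete" while the example uses "DELETE"; use the uppercase form in both. The summary line also follows the bullet with no blank line, so it will render as a continuation of the list item.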
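Review bot: In post-ti-indicator, the summary now reads "Submits or Updates new Ti Indicator entity" and the Response line returns 200 - OK for both outcomes, but nothing in the changed text says what makes a request an update rather than a create. Because the update path changes values on an existing indicator, state which request properties identify the existing indicator, and drop "new" from the summary since an updated entity is not new. With 201 removed, callers can no longer tell a create from an update by status code; say so, or keep 201 for the create case.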
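Review bot: In the post-ti-indicator response example, the status line is changed to "HTTP/1.1 200 OK" but the body's "@odata.context" on the following context line still ends in $metadata#MachineActions/$entity, whereas the response example in the removed update page uses $metadata#TiIndicators/$entity for this entity type. Correct the context value while this example is being touched.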
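Review bot: In the ti-indicator methods table, the renamed "Submit or Update TiIndicator" row keeps the description "Submits [Ti Indicator] entity.", so the table does not mention the update behaviour the new title promises; change it to "Submits or updates". The new "Delete TiIndicator" row has the same link problem as the TOC entries: it targets delete-ti-indicator-windows-defender-advanced-threat-protection-new.md rather than the -by-id file created in this patch.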
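Review bot: Deleting update-ti-indicator removes the only visible statement of the error responses ("400 - Bad request" for an incorrect body, "404 - Not found" for a missing indicator) and of the partial-update rule ("Existing properties that are not included in the request body will maintain their previous values"). The Response text changed in post-ti-indicator mentions only 200, so carry the 400 case over and state whether properties omitted from a POST against an existing indicator are preserved or reset. Also check the rest of the docs for links to the deleted file name, since this patch only updates the two TOC files and the ti-indicator table.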