From b7ac564fd79b1e104204a9c2155adb1968e9e98e Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Sun, 24 Jan 2021 14:30:32 +0200 Subject: [PATCH 1/7] 1 --- .../microsoft-defender-atp/find-machines-by-tag.md | 13 ++++++++++--- .../get-discovered-vulnerabilities.md | 4 ++++ .../microsoft-defender-atp/get-domain-statistics.md | 7 ++++++- .../microsoft-defender-atp/get-file-statistics.md | 7 ++++++- .../microsoft-defender-atp/get-ip-statistics.md | 7 ++++++- .../get-missing-kbs-machine.md | 6 +++++- .../get-security-recommendations.md | 4 ++++ .../microsoft-defender-atp/import-ti-indicators.md | 2 +- 8 files changed, 42 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md index c077f850b8..e34e5962d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md @@ -32,7 +32,7 @@ ms.topic: article ## API description Find [Machines](machine.md) by [Tag](machine-tags.md). - +
```startswith``` query is supported. ## Limitations 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. @@ -56,7 +56,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET /api/machines/findbytag(tag='{tag}') +GET /api/machines/findbytag?tag={tag}&useStartsWithFilter={true/false} ``` ## Request headers @@ -65,6 +65,13 @@ Name | Type | Description :---|:---|:--- Authorization | String | Bearer {token}. **Required**. +## Request URI parameters + +Name | Type | Description +:---|:---|:--- +tag | String | The tag name. **Required**. +useStartsWithFilter | Boolean | When set to true, the search will find all devices with tag name that starts with the given tag in the query. Defaults to false. **Optional**. + ## Request body Empty @@ -78,5 +85,5 @@ If successful - 200 OK with list of the machines in the response body. Here is an example of the request. ``` -GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag') +GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true ``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 773a35d073..258209f10d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md 
@@ -30,8 +30,12 @@ ms.technology: mde [!include[Improve request performance](../../includes/improve-request-performance.md)] +## API description Retrieves a collection of discovered vulnerabilities related to a given device ID. +## Limitations +1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index dda241406d..3720025ad9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -62,6 +62,11 @@ Header | Value :---|:--- Authorization | Bearer {token}. **Required**. +## Request URI parameters + +Name | Type | Description +:---|:---|:--- +lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**. ## Request body Empty @@ -77,7 +82,7 @@ If successful and domain exists - 200 OK, with statistics object in the response Here is an example of the request. ``` -GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats +GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48 ``` **Response** diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index 45c0c7f97f..ac9da34d73 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md 
@@ -62,6 +62,11 @@ Name | Type | Description :---|:---|:--- Authorization | String | Bearer {token}. **Required**. +## Request URI parameters + +Name | Type | Description +:---|:---|:--- +lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**. ## Request body Empty @@ -77,7 +82,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil Here is an example of the request. ``` -GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats +GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48 ``` **Response** diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index e720d2f338..5ba7c77cd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -63,6 +63,11 @@ Name | Type | Description :---|:---|:--- Authorization | String | Bearer {token}. **Required**. +## Request URI parameters + +Name | Type | Description +:---|:---|:--- +lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**. ## Request body Empty @@ -78,7 +83,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no Here is an example of the request. ```http -GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats +GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBackHours=48 ``` **Response** diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index 9ac01f22cf..abb4bd89f5 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -30,7 +30,11 @@ ms.technology: mde [!include[Improve request performance](../../includes/improve-request-performance.md)] -Retrieves missing KBs (security updates) by device ID +## API description +Retrieves missing KBs (security updates) by device ID. + +## Limitations +1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour. ## HTTP request diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index 1d2dfe41dd..f08ce4f926 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -31,8 +31,12 @@ ms.technology: mde [!include[Prerelease information](../../includes/prerelease.md)] +## API description Retrieves a collection of security recommendations related to a given device ID. +## Limitations +1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md index 822e0f9985..8e33f2ae5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md 
@@ -37,7 +37,7 @@ Submits or Updates batch of [Indicator](ti-indicator.md) entities. ## Limitations 1. Rate limitations for this API are 30 calls per minute. 2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant. - +3. Maximum batch size for one API call is 500. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md) From b54bd97a85d313c549533a537de4f5dcc35b61ea Mon Sep 17 00:00:00 2001 
From: Ben Alfasi Date: Sun, 24 Jan 2021 14:57:21 +0200 Subject: [PATCH 2/7] 2 --- .../add-or-remove-machine-tags.md | 6 ++++-- .../collect-investigation-package.md | 4 +++- .../get-alert-related-domain-info.md | 4 +--- .../get-alert-related-files-info.md | 4 +--- .../get-alert-related-ip-info.md | 4 +--- .../get-alert-related-machine-info.md | 4 +--- .../get-alert-related-user-info.md | 4 +--- .../microsoft-defender-atp/get-domain-statistics.md | 4 +--- .../microsoft-defender-atp/get-file-information.md | 4 +--- .../microsoft-defender-atp/get-file-statistics.md | 4 +--- .../get-investigation-collection.md | 4 +--- .../microsoft-defender-atp/get-ip-statistics.md | 4 +--- .../microsoft-defender-atp/get-kbinfo-collection.md | 7 ++----- .../microsoft-defender-atp/get-machine-by-id.md | 4 +--- .../get-machine-log-on-users.md | 4 +--- .../get-machineaction-object.md | 6 ++---- .../get-machineactions-collection.md | 6 ++---- .../microsoft-defender-atp/get-machines.md | 4 +--- .../get-machinesecuritystates-collection.md | 7 ++----- .../microsoft-defender-atp/get-package-sas-uri.md | 8 ++------ .../get-ti-indicators-collection.md | 12 ++++-------- .../microsoft-defender-atp/get-user-information.md | 7 ++----- .../initiate-autoir-investigation.md | 8 +++++--- .../microsoft-defender-atp/isolate-machine.md | 10 ++++++---- .../microsoft-defender-atp/offboard-machine-api.md | 6 ++++-- .../restrict-code-execution.md | 9 +++++---- .../microsoft-defender-atp/run-advanced-query-api.md | 12 +++++++----- .../microsoft-defender-atp/run-av-scan.md | 6 ++++-- .../stop-and-quarantine-file.md | 6 ++++-- .../microsoft-defender-atp/unisolate-machine.md | 6 ++++-- .../unrestrict-code-execution.md | 6 ++++-- .../microsoft-defender-atp/update-alert.md | 5 +++-- 32 files changed, 82 insertions(+), 107 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index c9987f3a99..2a992e5e4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -90,9 +90,11 @@ If successful, this method returns 200 - Ok response code and the updated Machin Here is an example of a request that adds machine tag. -```http +``` POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags -Content-type: application/json +``` + +```json { "Value" : "test Tag 2", "Action": "Add" diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index ee50396e37..7c823acfd6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -83,7 +83,9 @@ Here is an example of the request. ``` POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage -Content-type: application/json +``` + +```json { "Comment": "Collect forensics due to alert 1234" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md index 9347365103..aaa3ab921d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md 
@@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044 Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index 80dfa7de59..705b9284db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362 Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index b241dd2b72..02701c84db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044 Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index e4850f8d55..a5e59345c3 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -88,9 +88,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362 Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index ea89e7158c..a256a1f597 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362 Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "contoso\\user1", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index 3720025ad9..dd3331b476 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md 
@@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookB Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", "host": "example.com", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index 736c3298e2..019f1385c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity", "sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index ac9da34d73..cf1898803a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f", 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md index 47662456ae..cca2597b98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md @@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/investigations Here is an example of the response: -``` -HTTP/1.1 200 Ok -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index 5ba7c77cd7..bc04301ab1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBac Here is an example of the response. -```http -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", "ipAddress": "10.209.67.177", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md index f108cdfbf6..0eeced010e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md 
@@ -61,18 +61,15 @@ If successful - 200 OK. Here is an example of the request. -``` +```http GET https://graph.microsoft.com/testwdatppreview/KbInfo -Content-type: application/json ``` **Response** Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo", "@odata.count": 271, diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md index ceac9cc0ed..0a6ff20f30 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md @@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29 Here is an example of the response. -```http -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index f4730dce02..3e9b901fac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29 Here is an example of the response. -```http -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users", "value": [ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md index 35d7343116..9520bd1379 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md @@ -77,7 +77,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action] Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba ``` @@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42 Here is an example of the response. -``` -HTTP/1.1 200 Ok -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity", "id": "5382f7ea-7557-4ab7-9782-d50480024a4e", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md index 11bd89fa3b..d910d3beda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md @@ -82,7 +82,7 @@ If successful, this method returns 200, Ok response code with a collection of [m Here is an example of the request on an organization that has three MachineActions. -``` +```http GET https://api.securitycenter.microsoft.com/api/machineactions ``` @@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions Here is an example of the response. -``` -HTTP/1.1 200 Ok -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index ad2331e5ab..42a179a64f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -92,9 +92,7 @@ GET https://api.securitycenter.microsoft.com/api/machines Here is an example of the response. -```http -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md index 9565ba0014..9d1e0ef235 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md @@ -60,9 +60,8 @@ If successful - 200 OK. Here is an example of the request. -``` +```http GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates -Content-type: application/json ``` **Response** @@ -70,9 +69,7 @@ Content-type: application/json Here is an example of the response. Field *id* contains device id and equal to the field *id** in devices info. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates", "@odata.count":444, diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md index ccd17fea22..2683556f81 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md 
@@ -73,19 +73,15 @@ If successful, this method returns 200, Ok response code with object that holds Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri - ``` **Response** Here is an example of the response. -``` -HTTP/1.1 200 Ok -Content-type: application/json - +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String", "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpS
ST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md index 58cb3f78a5..5a5ea5a354 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md @@ -78,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I Here is an example of a request that gets all Indicators -``` +```http GET https://api.securitycenter.microsoft.com/api/indicators ``` @@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators Here is an example of the response. -``` -HTTP/1.1 200 Ok -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ @@ -141,7 +139,7 @@ Content-type: application/json Here is an example of a request that gets all Indicators with 'AlertAndBlock' action -``` +```http GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock' ``` @@ -149,9 +147,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A Here is an example of the response. -``` -HTTP/1.1 200 Ok -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md index 7a7e85e081..d4d47fa618 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md @@ -64,9 +64,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body. Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/users/user1 -Content-type: application/json ``` **Response** @@ -74,9 +73,7 @@ Content-type: application/json Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "user1", diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index dfb9ea34c6..caa8fb231b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Investigatio Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation -Content-type: application/json +``` + +```json { - "Comment": "Test investigation", + "Comment": "Test investigation" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 00d02c3bfe..67f0760774 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md 
@@ -90,13 +90,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -```console +``` POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate -Content-type: application/json +``` + +```json { "Comment": "Isolate machine due to alert 1234", - “IsolationType”: “Full” + "IsolationType": "Full" } ``` -- To unisolate a device, see [Release device from isolation](unisolate-machine.md). +- To release a device from isolation, see [Release device from isolation](unisolate-machine.md). \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 8eef870362..df8552d5a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -87,9 +87,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard -Content-type: application/json +``` + +```json { "Comment": "Offboard machine by automation" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md index fb99be0444..a78424ca79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md 
@@ -83,14 +83,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution -Content-type: application/json +``` + +```json { "Comment": "Restrict code execution due to alert 1234" } ``` -- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md). - +- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md). \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 88fddcc27b..195101b45a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md 
@@ -35,10 +35,10 @@ ms.technology: mde 1. You can only run a query on data from the last 30 days. 2. The results will include a maximum of 100,000 rows. 3. The number of executions is limited per tenant: - - API calls: Up to 15 calls per minute - - Execution time: 10 minutes of running time every hour and 4 hours of running time a day + - API calls: Up to 45 calls per minute. + - Execution time: 10 minutes of running time every hour and 4 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. -5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. +5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) @@ -82,9 +82,11 @@ Request Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/advancedqueries/run -Content-type: application/json +``` + +```json { "Query":"DeviceProcessEvents | where InitiatingProcessFileName =~ 'powershell.exe' diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index dda698fd60..aac2826f29 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md 
@@ -91,9 +91,11 @@ If successful, this method returns 201, Created response code and _MachineAction Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan -Content-type: application/json +``` + +```json { "Comment": "Check machine for viruses due to alert 3212", “ScanType”: “Full” diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md index 26a77dc157..6ab096b9f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md @@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile -Content-type: application/json +``` + +```json { "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442", "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9" diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md index 2ddc0fa5f4..9d41281585 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md 
@@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate -Content-type: application/json +``` + +```json { "Comment": "Unisolate machine since it was clean and validated" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md index c8b9276441..41934f0380 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md @@ -82,9 +82,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution -Content-type: application/json +``` + +```json { "Comment": "Unrestrict code execution since machine was cleaned and validated" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index 4f6423b15e..d2f3515f96 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -91,10 +91,11 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in Here is an example of the request. -``` +```http PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442 -Content-Type: application/json +``` +```json { "status": "Resolved", "assignedTo": "secop2@contoso.com", From f803e252caab050a81ec70c30fd0ae8fb48684ef Mon Sep 17 00:00:00 2001 
From: Ben Alfasi Date: Sun, 24 Jan 2021 15:46:51 +0200 Subject: [PATCH 3/7] 1 --- .../collect-investigation-package.md | 2 +- .../microsoft-defender-atp/create-alert-by-reference.md | 3 ++- .../microsoft-defender-atp/delete-ti-indicator-by-id.md | 2 +- .../microsoft-defender-atp/find-machines-by-ip.md | 2 +- .../microsoft-defender-atp/find-machines-by-tag.md | 2 +- .../get-alert-related-domain-info.md | 2 +- .../microsoft-defender-atp/get-alert-related-files-info.md | 2 +- .../microsoft-defender-atp/get-alert-related-ip-info.md | 2 +- .../get-alert-related-machine-info.md | 2 +- .../microsoft-defender-atp/get-alert-related-user-info.md | 2 +- .../threat-protection/microsoft-defender-atp/get-alerts.md | 4 ++-- .../microsoft-defender-atp/get-all-recommendations.md | 2 +- .../get-all-vulnerabilities-by-machines.md | 2 +- .../microsoft-defender-atp/get-all-vulnerabilities.md | 2 +- .../microsoft-defender-atp/get-cvekbmap-collection.md | 7 ++----- .../microsoft-defender-atp/get-device-secure-score.md | 2 +- .../get-discovered-vulnerabilities.md | 4 ++-- .../microsoft-defender-atp/get-domain-statistics.md | 2 +- .../microsoft-defender-atp/get-exposure-score.md | 2 +- .../microsoft-defender-atp/get-file-information.md | 2 +- .../microsoft-defender-atp/get-file-related-alerts.md | 2 +- .../microsoft-defender-atp/get-file-related-machines.md | 2 +- .../microsoft-defender-atp/get-file-statistics.md | 2 +- .../microsoft-defender-atp/get-installed-software.md | 2 +- .../microsoft-defender-atp/get-ip-related-alerts.md | 2 +- .../get-machine-group-exposure-score.md | 2 +- .../microsoft-defender-atp/get-machines-by-software.md | 3 +-- .../get-machines-by-vulnerability.md | 2 +- .../microsoft-defender-atp/get-missing-kbs-machine.md | 2 +- .../microsoft-defender-atp/get-missing-kbs-software.md | 2 +- .../microsoft-defender-atp/get-recommendation-by-id.md | 2 +- .../microsoft-defender-atp/get-recommendation-machines.md | 2 +- .../microsoft-defender-atp/get-recommendation-software.md 
| 2 +- .../get-recommendation-vulnerabilities.md | 2 +- .../microsoft-defender-atp/get-security-recommendations.md | 4 ++-- .../microsoft-defender-atp/get-software-by-id.md | 3 +-- .../get-software-ver-distribution.md | 3 +-- .../microsoft-defender-atp/get-software.md | 2 +- .../microsoft-defender-atp/get-user-related-alerts.md | 2 +- .../microsoft-defender-atp/get-user-related-machines.md | 2 +- .../microsoft-defender-atp/get-vuln-by-software.md | 3 +-- .../microsoft-defender-atp/get-vulnerability-by-id.md | 2 +- .../microsoft-defender-atp/import-ti-indicators.md | 3 ++- .../microsoft-defender-atp/isolate-machine.md | 2 +- .../microsoft-defender-atp/post-ti-indicator.md | 3 ++- .../microsoft-defender-atp/run-av-scan.md | 2 +- .../microsoft-defender-atp/update-alert.md | 2 +- 47 files changed, 54 insertions(+), 58 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 7c823acfd6..dea6142742 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -81,7 +81,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index ac6a1ed6be..91a38d3f42 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md 
@@ -96,9 +96,10 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference ``` + ```json { "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index c4921c50f4..127f52cd7a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -73,6 +73,6 @@ If Indicator with the specified id was not found - 404 Not Found. Here is an example of the request. -``` +```http DELETE https://api.securitycenter.microsoft.com/api/indicators/995 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 5a461d731b..d9ebb6559c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -80,6 +80,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request. Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md index e34e5962d8..5bb4e7756f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md 
@@ -84,6 +84,6 @@ If successful - 200 OK with list of the machines in the response body. Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true ``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md index aaa3ab921d..c84308bef0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md @@ -77,7 +77,7 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index 705b9284db..015b98dba0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -77,7 +77,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index 02701c84db..602a1fd1c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -78,7 +78,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index a5e59345c3..60d47669c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -79,7 +79,7 @@ If successful and alert and device exist - 200 OK. If alert not found or device Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index a256a1f597..2afbe73739 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -78,7 +78,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 918af17cc7..eb0067b2ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -88,7 +88,7 @@ If successful, this method returns 200 OK, and a list of [alert](alerts.md) obje Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/alerts ``` @@ -152,7 +152,7 @@ Here is an example of the response. Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index 9be5af6b31..6548493ea9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/recommendations ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index 73cc542fda..0126da149d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -72,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities ``` 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 17f9e97ef1..00ade14700 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Vulnerabilities ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 41df827074..3264cc7d76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -61,18 +61,15 @@ If successful and map exists - 200 OK. Here is an example of the request. -``` +```http GET https://graph.microsoft.com/testwdatppreview/CveKbMap -Content-type: application/json ``` **Response** Here is an example of the response. -``` -HTTP/1.1 200 OK -Content-type: application/json +```json { "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap", "@odata.count": 4168, diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index b18413a57e..2edded89ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md 
@@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/configurationScore ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 258209f10d..760ce4ddb9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -71,7 +71,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` @@ -79,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4 Here is an example of the response. -``` +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index dd3331b476..13a3f3f28f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -81,7 +81,7 @@ If successful and domain exists - 200 OK, with statistics object in the response Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48 ``` 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index c06627a36f..0288816bb4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/exposureScore ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index 019f1385c7..37b4c39da7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -76,7 +76,7 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index dd23bde922..1ef694df96 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts ``` 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index 981b5352e4..c0de4442c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index cf1898803a..ab8b12267d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -81,7 +81,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 1d74c52f25..9effa5d7a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md index ec0bd5533a..d4f66c71d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md @@ -79,6 +79,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index f7ea61feb1..6f54986e33 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index cbcb0e0b06..b2f9da0734 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences ``` 
@@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi Here is an example of the response. ```json - { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index 35a821c812..bf4208cd36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index abb4bd89f5..d3c13ddae1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -62,7 +62,7 @@ If successful, this method returns 200 OK, with the specified device missing kb Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md index 4c037b678e..3b53dabe02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md @@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index d752962405..5548416186 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 7d46d6e6fe..fa448849b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 4f144b37e3..0fcdc3e55a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 6c606f3bfc..e4a52ff2a7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index f08ce4f926..2581a14cb0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -70,7 +70,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations ``` @@ -79,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4 Here is an example of the response. -``` +```json { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations", "value": [ 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index da3f09fb2d..58ff771315 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge ``` @@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge Here is an example of the response. ```json - { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity", "id": "microsoft-_-edge", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index c707f59ef2..897e0c91a7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions ``` @@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr Here is an example of the response. ```json - { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 95e59d134f..b070207ed0 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 7705c00e4b..341e56d35d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -81,6 +81,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/users/user1/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 7cab2321b4..b91c080c8e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -82,6 +82,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/users/user1/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index c60ff31fdb..762572746a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities ``` @@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulne Here is an example of the response. ```json - { "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index e8cc9c8257..441ac6bf08 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md index 8e33f2ae5c..ae63ad7d4b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md @@ -79,9 +79,10 @@ Indicators | List<[Indicator](ti-indicator.md)> | List of [Indicators](ti-indica Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/indicators/import ``` + ```json { "Indicators": 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 67f0760774..15f0c9b691 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -90,7 +90,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index c5bedda425..f019e3a9d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -89,9 +89,10 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator Here is an example of the request. -``` +```http POST https://api.securitycenter.microsoft.com/api/indicators ``` + ```json { "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f", diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index aac2826f29..68a10a5e99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md @@ -98,7 +98,7 @@ POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2 ```json { "Comment": "Check machine for viruses due to alert 3212", - “ScanType”: “Full” + "ScanType": "Full" } ``` 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index d2f3515f96..a19d0d51e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -103,4 +103,4 @@ PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_213 "determination": "Malware", "comment": "Resolve my alert and assign to secop2" } -``` +``` \ No newline at end of file From c8dde0220a6429f0e4fa375709c1b642f5ec4a98 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Sun, 24 Jan 2021 16:17:49 +0200 Subject: [PATCH 4/7] 5 --- .../threat-protection/microsoft-defender-atp/investigation.md | 2 +- .../threat-protection/microsoft-defender-atp/machine.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 6afbbec900..64b309d544 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -40,7 +40,7 @@ Represent an Automated Investigation entity in Defender for Endpoint. Method|Return Type |Description :---|:---|:--- [List Investigations](get-investigation-collection.md) | Investigation collection | Get collection of Investigation -[Get single Investigation](get-investigation-collection.md) | Investigation entity | Gets single Investigation entity. +[Get single Investigation](get-investigation-object.md) | Investigation entity | Gets single Investigation entity. [Start Investigation](initiate-autoir-investigation.md) | Investigation entity | Starts Investigation on a device. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index c0cfd906a5..896f5ca654 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -62,7 +62,7 @@ version | String | Operating system Version. osBuild | Nullable long | Operating system build number. lastIpAddress | String | Last IP on local NIC on the [machine](machine.md). lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet. -healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication" +healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown". rbacGroupName | String | Machine group Name. rbacGroupId | Int | Machine group unique ID. riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'. From 5823e24e7ac6d543273fdbf8963a454ad921f8d6 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Sun, 24 Jan 2021 16:50:27 +0200 Subject: [PATCH 5/7] 3 --- .../microsoft-defender-atp/run-advanced-query-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 195101b45a..1f52029bfe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md 
@@ -36,7 +36,7 @@ ms.technology: mde 2. The results will include a maximum of 100,000 rows. 3. The number of executions is limited per tenant: - API calls: Up to 45 calls per minute. - - Execution time: 10 minutes of running time every hour and 4 hours of running time a day. + - Execution time: 10 minutes of running time every hour and 3 hours of running time a day. 4. The maximal execution time of a single request is 10 minutes. 5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. From 995a3ed9aa6c99a38ad8714908adb25b3b8e16c0 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 25 Jan 2021 13:38:04 -0800 Subject: [PATCH 6/7] Update initiate-autoir-investigation.md --- .../microsoft-defender-atp/initiate-autoir-investigation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index caa8fb231b..5617ebcae7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -92,3 +92,4 @@ POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2 { "Comment": "Test investigation" } +``` From 3abff941ef1a32cac37e1abe0cf9fee91dc35f7f Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 25 Jan 2021 13:39:46 -0800 Subject: [PATCH 7/7] Update get-software-by-id.md --- .../microsoft-defender-atp/get-software-by-id.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index 58ff771315..43ed0055bf 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -1,6 +1,6 @@ --- title: Get software by Id -description: Retrieves a list of exposure scores by device group. +description: Retrieves a list of sofware by ID. keywords: apis, graph api, supported apis, get, software, mdatp tvm api search.product: eADQiWindows 10XVcnh ms.prod: m365-security
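Review bot: In the get-vuln-by-software.md hunk, the context shown in the hunk header still reads "returns 200 OK with a a list of vulnerabilities", with a duplicated "a". Since this change already touches the request example directly below that sentence, fix the sentence in the same commit rather than leaving it for a follow-up.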
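Review bot: The update-alert.md hunk changes nothing except dropping the final newline after the closing fence; the new side carries "\ No newline at end of file". Keep the trailing newline so the file does not show up as modified in later diffs and so Markdown linters do not flag it. With the newline kept, this hunk can be dropped from the patch entirely.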
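Review bot: The healthStatus row in machine.md gains the value "Unknown" with no indication of when the service returns it, which matters to API consumers that map this enum to device states in their own tooling. Add a short clause describing the condition that produces "Unknown". Separately, this row quotes its values with double quotes while the riskScore row two lines below uses single quotes ('None', 'Informational', ...); pick one style for the table.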
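Review bot: The daily quota in run-advanced-query-api.md goes from 4 hours to 3 hours under the commit subject "3", so a reader cannot tell whether this corrects a documentation error or records a change in the enforced limit. Say which in the commit message. Note also that 10 minutes per hour over 24 hours is exactly 4 hours, so the old daily figure never bound anything beyond the hourly one, whereas the new 3-hour figure is an independent, tighter cap. The bullet should say that both limits apply and whichever is reached first triggers the 429 described in item 5, since callers that schedule queries around the hourly limit alone will now run out of daily budget.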
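Review bot: The new description in the get-software-by-id.md front matter, "Retrieves a list of sofware by ID.", misspells "software" and still describes a list, while the page title is "Get software by Id" and the response example elsewhere in this series is a single "#Software/$entity" object. Suggest something like "description: Retrieves software details by ID." so the search snippet matches what the endpoint returns.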