Merge branch 'master' into fpfn-mdav-mdatp

Denise Vangel-MSFT 2021-01-25 15:17:08 -08:00
commit c418bcf283
69 changed files with 181 additions and 175 deletions

View File

@ -90,9 +90,11 @@ If successful, this method returns 200 - Ok response code and the updated Machin
Here is an example of a request that adds machine tag.
```http
```
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
Content-type: application/json
```
```json
{
"Value" : "test Tag 2",
"Action": "Add"

View File

@ -81,9 +81,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
Content-type: application/json
```
```json
{
"Comment": "Collect forensics due to alert 1234"
}

View File

@ -96,9 +96,10 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
```
```json
{
"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",

View File

@ -73,6 +73,6 @@ If Indicator with the specified id was not found - 404 Not Found.
Here is an example of the request.
```
```http
DELETE https://api.securitycenter.microsoft.com/api/indicators/995
```

View File

@ -80,6 +80,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
```

View File

@ -32,7 +32,7 @@ ms.topic: article
## API description
Find [Machines](machine.md) by [Tag](machine-tags.md).
<br>```startswith``` query is supported.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -56,7 +56,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
## HTTP request
```
GET /api/machines/findbytag(tag='{tag}')
GET /api/machines/findbytag?tag={tag}&useStartsWithFilter={true/false}
```
## Request headers
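Review bot: the request template drops the function-style form `findbytag(tag='{tag}')` in favour of the query-string form, with nothing under HTTP request saying whether the old URL is still accepted. If existing callers will start failing, state that here. Also, `{true/false}` reads like a literal value; `{true|false}` or a pointer to the parameter table would be clearer.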
@ -65,6 +65,13 @@ Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request URI parameters
Name | Type | Description
:---|:---|:---
tag | String | The tag name. **Required**.
useStartsWithFilter | Boolean | When set to true, the search will find all devices with tag name that starts with the given tag in the query. Defaults to false. **Optional**.
## Request body
Empty
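Review bot: the new `tag` row should say that the value has to be URL-encoded now that it travels in the query string. Tag values can contain spaces (the add-tag example in this same commit uses "test Tag 2"), and the only example shown is `tag=testTag`. In the `useStartsWithFilter` row, "devices with tag name that starts with" would read better as "devices whose tag name starts with".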
@ -77,6 +84,6 @@ If successful - 200 OK with list of the machines in the response body.
Here is an example of the request.
```
GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
```http
GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true
```

View File

@ -77,7 +77,7 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains
```
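Review bot: the request URL in this example has no `/api/` segment (`https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains`), while the files, machine and user examples for the same alert in this commit all start with `/api/alerts/`. Since the fence on this block is being changed anyway, confirm the path and add `/api/` if it is missing.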
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
"value": [

View File

@ -77,7 +77,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files
```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
"value": [

View File

@ -78,7 +78,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips
```
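Review bot: the GET line here reads `https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips` with no `/api/` segment, unlike the `/api/alerts/.../files` example, and the `@odata.context` value in the response example for this file (`$metadata#Ips`) has the same gap. Worth correcting both while the fences are being touched.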
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",
"value": [

View File

@ -79,7 +79,7 @@ If successful and alert and device exist - 200 OK. If alert not found or device
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine
```
@ -88,9 +88,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",

View File

@ -78,7 +78,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user
```
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
"id": "contoso\\user1",

View File

@ -88,7 +88,7 @@ If successful, this method returns 200 OK, and a list of [alert](alerts.md) obje
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/alerts
```
@ -152,7 +152,7 @@ Here is an example of the response.
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/recommendations
```

View File

@ -72,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
```

View File

@ -61,18 +61,15 @@ If successful and map exists - 200 OK.
Here is an example of the request.
```
```http
GET https://graph.microsoft.com/testwdatppreview/CveKbMap
Content-type: application/json
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
"@odata.count": 4168,

View File

@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/configurationScore
```

View File

@ -30,8 +30,12 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description
Retrieves a collection of discovered vulnerabilities related to a given device ID.
## Limitations
1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -67,7 +71,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
```
@ -75,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
Here is an example of the response.
```
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [

View File

@ -62,6 +62,11 @@ Header | Value
:---|:---
Authorization | Bearer {token}. **Required**.
## Request URI parameters
Name | Type | Description
:---|:---|:---
lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
## Request body
Empty
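Review bot: the `lookBackHours` row mixes units: the parameter is in hours but the default is given as "30 days". State the default in the parameter's own unit (30 days is 720 hours) and say what the largest accepted value is, so a caller knows what happens when they pass more than the default window. "Defines the hours we search back" could also be "Number of hours to look back".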
@ -76,8 +81,8 @@ If successful and domain exists - 200 OK, with statistics object in the response
Here is an example of the request.
```
GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
```http
GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48
```
**Response**
@ -85,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
"host": "example.com",

View File

@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/exposureScore
```

View File

@ -76,7 +76,7 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
```
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",

View File

@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
```

View File

@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
```

View File

@ -62,6 +62,11 @@ Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request URI parameters
Name | Type | Description
:---|:---|:---
lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
## Request body
Empty
@ -76,8 +81,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
Here is an example of the request.
```
GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
```http
GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48
```
**Response**
@ -85,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
"sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",

View File

@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
```

View File

@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/investigations
Here is an example of the response:
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
"value": [

View File

@ -79,6 +79,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts
```

View File

@ -63,6 +63,11 @@ Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request URI parameters
Name | Type | Description
:---|:---|:---
lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
## Request body
Empty
@ -78,7 +83,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
Here is an example of the request.
```http
GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBackHours=48
```
**Response**
@ -86,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
Here is an example of the response.
```http
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
"ipAddress": "10.209.67.177",

View File

@ -61,18 +61,15 @@ If successful - 200 OK.
Here is an example of the request.
```
```http
GET https://graph.microsoft.com/testwdatppreview/KbInfo
Content-type: application/json
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
"@odata.count": 271,

View File

@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
Here is an example of the response.
```http
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",

View File

@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
```

View File

@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
Here is an example of the response.
```http
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
"value": [

View File

@ -77,7 +77,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",

View File

@ -82,7 +82,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
Here is an example of the request on an organization that has three MachineActions.
```
```http
GET https://api.securitycenter.microsoft.com/api/machineactions
```
@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
"value": [

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
"value": [

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
```

View File

@ -92,9 +92,7 @@ GET https://api.securitycenter.microsoft.com/api/machines
Here is an example of the response.
```http
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [

View File

@ -60,9 +60,8 @@ If successful - 200 OK.
Here is an example of the request.
```
```http
GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
Content-type: application/json
```
**Response**
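Review bot: the GET line still targets `https://graph.microsoft.com/testwdatppreview/machinesecuritystates`, a different host and a preview-looking path compared with the `api.securitycenter.microsoft.com/api/...` examples in the rest of this commit; the CveKbMap and KbInfo examples do the same. Confirm this is the endpoint readers are meant to call, or update the URL in the same pass as the fence.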
@ -70,9 +69,7 @@ Content-type: application/json
Here is an example of the response.
Field *id* contains device id and equal to the field *id** in devices info.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
"@odata.count":444,

View File

@ -30,7 +30,11 @@ ms.technology: mde
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves missing KBs (security updates) by device ID
## API description
Retrieves missing KBs (security updates) by device ID.
## Limitations
1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
## HTTP request
@ -58,7 +62,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs
```

View File

@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
```

View File

@ -73,19 +73,15 @@ If successful, this method returns 200, Ok response code with object that holds
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
"value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
```

View File

@ -31,8 +31,12 @@ ms.technology: mde
[!include[Prerelease information](../../includes/prerelease.md)]
## API description
Retrieves a collection of security recommendations related to a given device ID.
## Limitations
1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -66,7 +70,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
```
@ -75,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
Here is an example of the response.
```
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
"value": [

View File

@ -1,6 +1,6 @@
---
title: Get software by Id
description: Retrieves a list of exposure scores by device group.
description: Retrieves a list of sofware by ID.
keywords: apis, graph api, supported apis, get, software, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
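Review bot: the replacement description has a typo and does not match the title: "Retrieves a list of sofware by ID." should spell "software", and since the page is "Get software by Id" and returns a single entity, something like "Retrieves software details by ID." would be accurate.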
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
"id": "microsoft-_-edge",

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
"value": [

View File

@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software
```

View File

@ -78,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
Here is an example of a request that gets all Indicators
```
```http
GET https://api.securitycenter.microsoft.com/api/indicators
```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [
@ -141,7 +139,7 @@ Content-type: application/json
Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
```
```http
GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
```
@ -149,9 +147,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [

View File

@ -64,9 +64,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/users/user1
Content-type: application/json
```
**Response**
@ -74,9 +73,7 @@ Content-type: application/json
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
"id": "user1",

View File

@ -81,6 +81,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/users/user1/alerts
```

View File

@ -82,6 +82,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/users/user1/machines
```

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities
```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulne
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [

View File

@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
Here is an example of the request.
```
```http
GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608
```

View File

@ -37,7 +37,7 @@ Submits or Updates batch of [Indicator](ti-indicator.md) entities.
## Limitations
1. Rate limitations for this API are 30 calls per minute.
2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant.
3. Maximum batch size for one API call is 500.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -79,9 +79,10 @@ Indicators | List<[Indicator](ti-indicator.md)> | List of [Indicators](ti-indica
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/indicators/import
```
```json
{
"Indicators":

View File

@ -84,9 +84,12 @@ If successful, this method returns 201 - Created response code and [Investigatio
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
Content-type: application/json
```
```json
{
"Comment": "Test investigation",
"Comment": "Test investigation"
}
```

View File

@ -40,7 +40,7 @@ Represent an Automated Investigation entity in Defender for Endpoint.
Method|Return Type |Description
:---|:---|:---
[List Investigations](get-investigation-collection.md) | Investigation collection | Get collection of Investigation
[Get single Investigation](get-investigation-collection.md) | Investigation entity | Gets single Investigation entity.
[Get single Investigation](get-investigation-object.md) | Investigation entity | Gets single Investigation entity.
[Start Investigation](initiate-autoir-investigation.md) | Investigation entity | Starts Investigation on a device.

View File

@ -90,13 +90,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```console
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
Content-type: application/json
```
```json
{
"Comment": "Isolate machine due to alert 1234",
“IsolationType”: “Full”
"IsolationType": "Full"
}
```
- To unisolate a device, see [Release device from isolation](unisolate-machine.md).
- To release a device from isolation, see [Release device from isolation](unisolate-machine.md).

View File

@ -62,7 +62,7 @@ version | String | Operating system Version.
osBuild | Nullable long | Operating system build number.
lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown".
rbacGroupName | String | Machine group Name.
rbacGroupId | Int | Machine group unique ID.
riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
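Review bot: the `healthStatus` row now lists "Unknown" with no indication of when the API returns it. One clause on what "Unknown" means would help callers who filter or alert on health status. Minor: this row quotes enum values with double quotes while the `riskScore` row just below uses single quotes.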

View File

@ -87,9 +87,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
Content-type: application/json
```
```json
{
"Comment": "Offboard machine by automation"
}

View File

@ -89,9 +89,10 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/indicators
```
```json
{
"indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",

View File

@ -83,9 +83,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution
Content-type: application/json
```
```json
{
"Comment": "Restrict code execution due to alert 1234"
}
@ -93,4 +95,3 @@ Content-type: application/json
```
- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).

View File

@ -35,10 +35,10 @@ ms.technology: mde
1. You can only run a query on data from the last 30 days.
2. The results will include a maximum of 100,000 rows.
3. The number of executions is limited per tenant:
- API calls: Up to 15 calls per minute
- Execution time: 10 minutes of running time every hour and 4 hours of running time a day
- API calls: Up to 45 calls per minute.
- Execution time: 10 minutes of running time every hour and 3 hours of running time a day.
4. The maximal execution time of a single request is 10 minutes.
5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed.
5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
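Review bot: item 5 no longer tells the caller how long to wait after a 429. The old wording said the body indicates the time until the quota is renewed; the new wording only says to read the body to see which limit was hit. If the renewal time is still returned, keep that statement; if not, say how clients should back off. With the per-minute limit going from 15 to 45 and the daily running time from 4 hours to 3, callers tuned to the old numbers need this.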
@ -82,9 +82,11 @@ Request
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
Content-type: application/json
```
```json
{
"Query":"DeviceProcessEvents
| where InitiatingProcessFileName =~ 'powershell.exe'
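Review bot: now that this body is fenced as `json`, the `"Query"` value is not valid JSON as written: the string opens on the `"Query":"DeviceProcessEvents` line and continues across literal line breaks. Either put the query on one line or use `\n` escapes, so the example can be pasted into a client and highlights correctly.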

View File

@ -91,12 +91,14 @@ If successful, this method returns 201, Created response code and _MachineAction
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan
Content-type: application/json
```
```json
{
"Comment": "Check machine for viruses due to alert 3212",
“ScanType”: “Full”
"ScanType": "Full"
}
```

View File

@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile
Content-type: application/json
```
```json
{
"Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
"Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"

View File

@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate
Content-type: application/json
```
```json
{
"Comment": "Unisolate machine since it was clean and validated"
}

View File

@ -82,9 +82,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
```
```http
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution
Content-type: application/json
```
```json
{
"Comment": "Unrestrict code execution since machine was cleaned and validated"
}

View File

@ -91,10 +91,11 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in
Here is an example of the request.
```
```http
PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442
Content-Type: application/json
```
```json
{
"status": "Resolved",
"assignedTo": "secop2@contoso.com",