deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add in content to enable custom ti application

Browse Source
This commit is contained in:
Joey Caparas
2017-02-09 16:23:43 -08:00
parent c0cd7c0d3d
commit c8bb6bac96
3 changed files with 29 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md
View File

@ -25,6 +25,10 @@ localizationpriority: high
You can define custom alert definitions and indicators of compromise (IOC) using the available APIs. Creating custom TIs allows you to create specific alerts that are applicable to your organization.
## Before you begin
Before creating custom TI's, you'll need to enable the custom TI application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
### Use the available REST API to create custom TI's
You can call and specify the resource URLs using one of the following operations to access and manipulate a custom TI resource, you call and specify the resource URLs using one of the following operations:
- GET
@ -339,3 +343,7 @@ $skip | int | The number of items to skip in a result set.
$count | boolean | A collection and the number of items in the collection.
These parameters are compatible with the [OData V4 query language](http://docs.oasis-open.org/odata/odata/v4.0/errata03/os/complete/part2-url-conventions/odata-v4.0-errata03-os-part2-url-conventions-complete.html#_Toc453752356).
## Related topics
[Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
View File

@ -46,4 +46,5 @@ Here is an example of an IOC:
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
## Related topic
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
- [Create custom threat indicators using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md)