Advanced Hunting - Fix code samples after WDATP service change

This commit is contained in:
David Laufer 2018-09-17 16:13:50 +03:00
parent fb97663537
commit d0d57aae14
5 changed files with 6 additions and 6 deletions


@ -98,7 +98,7 @@ $query = "NetworkCommunicationEvents
$queryUrl = "https://api.securitycenter.windows.com/advancedqueries/query" $queryUrl = "https://api.securitycenter.windows.com/advancedqueries/query"
$queryBody = ConvertTo-Json -InputObject $query $queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query }
$queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop
$response = ($queryResponse | ConvertFrom-Json).Results $response = ($queryResponse | ConvertFrom-Json).Results
$response $response
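Review bot: The body now has to be a JSON object with the query text in its `Query` property, but the sample says nothing about that, so a reader still holding the previous bare-string form presumably gets a service error that does not explain what changed. Add a short comment above the `ConvertTo-Json` line, e.g. `# The Advanced Hunting endpoint expects a JSON object with the query text in its 'Query' property, not a bare JSON string.` The same one-line comment belongs on the second PowerShell sample (`$body = ConvertTo-Json -InputObject @{ 'Query' = $query }`), the Power Query sample (`Content=Json.FromValue([#"Query"=Query])`) and the Python sample (`json.dumps({ 'Query' : query })`). The hunk header says seven lines but only five are visible here, so the end of the `$query` definition it names is not on the rendered page.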


@ -77,11 +77,11 @@ Here is an example of the request.
POST https://api.securitycenter.windows.com/advancedqueries/query POST https://api.securitycenter.windows.com/advancedqueries/query
Content-type: application/json Content-type: application/json
{ {
"ProcessCreationEvents "Query":"ProcessCreationEvents
| where InitiatingProcessFileName =~ \"powershell.exe\" | where InitiatingProcessFileName =~ \"powershell.exe\"
| where ProcessCommandLine contains \"appdata\" | where ProcessCommandLine contains \"appdata\"
| project EventTime, FileName, InitiatingProcessFileName | project EventTime, FileName, InitiatingProcessFileName
| limit 2" | limit 2"
} }
``` ```


@ -65,7 +65,7 @@ If you want to use **user token** instead please refer to [this](run-advanced-qu
AdvancedHuntingUrl, AdvancedHuntingUrl,
[ [
Headers = [#"Content-Type"="application/json", #"Accept"="application/json", #"Authorization"=Bearer], Headers = [#"Content-Type"="application/json", #"Accept"="application/json", #"Authorization"=Bearer],
Content=Json.FromValue(Query) Content=Json.FromValue([#"Query"=Query])
] ]
)), )),


@ -71,7 +71,7 @@ $headers = @{
Accept = 'application/json' Accept = 'application/json'
Authorization = "Bearer $aadToken" Authorization = "Bearer $aadToken"
} }
$body = ConvertTo-Json -InputObject $query $body = ConvertTo-Json -InputObject @{ 'Query' = $query }
$webResponse = Invoke-WebRequest -Method Post -Uri $url -Headers $headers -Body $body -ErrorAction Stop $webResponse = Invoke-WebRequest -Method Post -Uri $url -Headers $headers -Body $body -ErrorAction Stop
$response = $webResponse | ConvertFrom-Json $response = $webResponse | ConvertFrom-Json
$results = $response.Results $results = $response.Results


@ -74,7 +74,7 @@ headers = {
'Authorization' : "Bearer " + aadToken 'Authorization' : "Bearer " + aadToken
} }
data = json.dumps(query).encode("utf-8") data = json.dumps({ 'Query' : query }).encode("utf-8")
req = urllib.request.Request(url, data, headers) req = urllib.request.Request(url, data, headers)
response = urllib.request.urlopen(req) response = urllib.request.urlopen(req)
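Review bot: `urllib.request.urlopen(req)` is called with no `timeout`, so a stalled connection to the service leaves anyone who copies this sample into automation with a job that hangs instead of a failure they can handle; pass one, e.g. `response = urllib.request.urlopen(req, timeout=60)`. The dict literal in the new `data = json.dumps({ 'Query' : query }).encode("utf-8")` line also uses non-PEP 8 spacing; `json.dumps({'Query': query})` reads like the rest of a Python sample. The header entries above `'Authorization'` that the hunk header counts are not visible on the rendered page.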