From d16aa0651eba0559040a06236292decd47016cfe Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Thu, 6 Feb 2020 19:18:12 +0200 Subject: [PATCH] s --- windows/security/threat-protection/TOC.md | 8 ++-- .../get-all-recommendations.md | 6 +-- .../get-all-vulnerabilities.md | 10 ++--- .../get-device-secure-score.md | 9 ++--- .../get-exposure-score.md | 3 +- .../get-machine-group-exposure-score.md | 19 +++------ .../get-machines-by-software.md | 9 +++-- .../get-machines-by-vulnerability.md | 8 ++-- .../get-recommendation-by-id.md | 3 +- .../get-recommendation-machines.md | 4 +- .../get-recommendation-software.md | 3 +- .../get-recommendation-vulnerabilities.md | 10 ++--- .../get-software-ver-distribution.md | 3 +- .../microsoft-defender-atp/get-software.md | 29 +++++++------- .../get-vuln-by-software.md | 31 ++++++++------- .../get-vulnerability-by-id.md | 3 +- .../microsoft-defender-atp/score.md | 39 +------------------ 17 files changed, 75 insertions(+), 122 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 93955396d4..64d2f552fc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -461,7 +461,7 @@ ####### [Score methods and properties](microsoft-defender-atp/score.md) ####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md) ####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md) -####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md) +####### [Get machine secure score](microsoft-defender-atp/get-device-secure-score.md) ###### [Software]() ####### [Software methods and properties](microsoft-defender-atp/software.md) @@ -473,7 +473,7 @@ ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) -####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) +####### [List vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) ####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md) ####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md) @@ -482,8 +482,8 @@ ####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md) ####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md) ####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md) -####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md) -####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md) +####### [List machines by recommendation](microsoft-defender-atp/get-recommendation-machines.md) +####### [List vulnerabilities by recommendation](microsoft-defender-atp/get-recommendation-vulnerabilities.md) ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index 1735811830..5f0bb3386d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/recommendations Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", "value": [ @@ -99,7 +98,8 @@ Content-type: json "nonProductivityImpactedAssets": 0, "relatedComponent": "Windows 10" } - ] + ... + ] } ``` ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index e0e4243d76..4114015c39 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get all vulnerabilities +# List vulnerabilities **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/Vulnerabilities Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", "value": [ @@ -86,8 +85,9 @@ Content-type: json "exploitTypes": [], "exploitUris": [] } - ] - { + ... + ] + } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index dfd844de6b..b0f731be41 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -1,6 +1,6 @@ --- -title: Get Device Secure score -description: Retrieves the organizational device secure score. +title: Get Machine Secure score +description: Retrieves the organizational machine secure score. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get Device Secure score +# Get Machine Secure score **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -75,8 +75,7 @@ Here is an example of the response. { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", "time": "2019-12-03T09:15:58.1665846Z", - "score": 340, - "rbacGroupId": null + "score": 340 } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index f57f5e53cf..794272d101 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -76,8 +76,7 @@ Here is an example of the response. { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", "time": "2019-12-03T07:23:53.280499Z", - "score": 33.491554051195706, - "rbacGroupId": null + "score": 33.491554051195706 } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index a85a0bc44e..b9a2498569 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -18,9 +18,9 @@ ms.topic: article # List exposure score by machine group -**Applies to:** +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] @@ -74,23 +74,14 @@ Here is an example of the response. { "time": "2019-12-03T09:51:28.214338Z", "score": 41.38041766305988, - "rbacGroupId": 10 + "rbacGroupName": "GroupOne" }, { "time": "2019-12-03T09:51:28.2143399Z", "score": 37.403726933165366, - "rbacGroupId": 11 - }, - { - "time": "2019-12-03T09:51:28.2143407Z", - "score": 26.390921344426033, - "rbacGroupId": 9 - }, - { - "time": "2019-12-03T09:51:28.2143414Z", - "score": 23.58823563070858, - "rbacGroupId": 5 + "rbacGroupName": "GroupTwo" } + ... ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 81d6659101..b4a8ff7d35 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -24,7 +24,7 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -Retrieve a list of machines that has this software installed. +Retrieve a list of machine references that has this software installed. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. @@ -75,15 +75,16 @@ Here is an example of the response. "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", "computerDnsName": "dave_desktop", "osPlatform": "Windows10", - "rbacGroupId": 9 + "rbacGroupName": "GroupTwo" }, { "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d", "computerDnsName": "jane_PC", "osPlatform": "Windows10", - "rbacGroupId": 9 + "rbacGroupName": "GroupTwo" } -] + ... + ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index 5ee5fe1b47..b27ecfca50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/mac Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", "value": [ @@ -75,14 +74,15 @@ Content-type: json "id": "235a2e6278c63fcf85bab9c370396972c58843de", "computerDnsName": "h1mkn_PC", "osPlatform": "Windows10", - "rbacGroupId": 1268 + "rbacGroupName": "GroupTwo" }, { "id": "afb3f807d1a185ac66668f493af028385bfca184", "computerDnsName": "chat_Desk ", "osPlatform": "Windows10", - "rbacGroupId": 410 + "rbacGroupName": "GroupTwo" } + ... ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index 6a56d41c99..9254f80562 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", "id": "va-_-google-_-chrome", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index d74dc47279..99fc59caf2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -1,5 +1,5 @@ --- -title: Get recommendation by machines +title: List machines by recommendation description: Retrieves a list of machines associated with the security recommendation. keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation by machines +# List machines by recommendation **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index de192c1e9f..d4e5a895ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", "id": "google-_-chrome", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index c9ca363c20..e7e5725b8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Get recommendation by vulnerabilities +title: List vulnerabilities by recommendation description: Retrieves a list of vulnerabilities associated with the security recommendation. keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation by vulnerabilities +# List vulnerabilities by recommendation **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ @@ -85,7 +84,8 @@ Content-type: json "exploitTypes": [], "exploitUris": [] } - ] + ... + ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 2ba8c06b69..159f48e08e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -81,7 +81,8 @@ Here is an example of the response. "installations": 750, "vulnerabilities": 0 } - ] + ... + ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 1ec2bcccd1..883c240d11 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -17,10 +17,10 @@ ms.topic: article --- # List software inventory API -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -[!include[Prerelease information](../../includes/prerelease.md)] +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Retrieves the organization software inventory. @@ -66,20 +66,21 @@ GET https://api.securitycenter.windows.com/api/Software Here is an example of the response. -``` +```json { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", "value": [ - { - "id": "microsoft-_-edge", - "name": "edge", - "vendor": "microsoft", - "weaknesses": 467, - "publicExploit": true, - "activeAlert": false, - "exposedMachines": 172, - "impactScore": 2.39947438 - } + { + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 + } + ... ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index 6fa52754b7..42147bc353 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -71,21 +71,22 @@ Here is an example of the response. { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ - { - "id": "CVE-2017-0140", - "name": "CVE-2017-0140", - "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", - "severity": "Medium", - "cvssV3": 4.2, - "exposedMachines": 1, - "publishedOn": "2017-03-14T00:00:00Z", - "updatedOn": "2019-10-03T00:03:00Z", - "publicExploit": false, - "exploitVerified": false, - "exploitInKit": false, - "exploitTypes": [], - "exploitUris": [] - } + { + "id": "CVE-2017-0140", + "name": "CVE-2017-0140", + "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", + "severity": "Medium", + "cvssV3": 4.2, + "exposedMachines": 1, + "publishedOn": "2017-03-14T00:00:00Z", + "updatedOn": "2019-10-03T00:03:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + } + ... ] } ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index e4ccb6c433..a7ec42d80f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", "id": "CVE-2019-0608", diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index 9a903d296f..a0a67a5dd0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -37,41 +37,4 @@ Property | Type | Description :---|:---|:--- Score | Double | The current score. Time | DateTime | The date and time in which the call for this API was made. -RbacGroupId | Nullable Int | RBAC Group ID. - - -### Response example for getting machine groups score: - -``` -GET https://api.securitycenter.windows.com/api/exposureScore/byMachineGroups -``` - -```json -{ - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", - "value": [ - { - "time": "2019-12-03T07:26:49.9376328Z", - "score": 41.38041766305988, - "rbacGroupId": 10 - }, - { - "time": "2019-12-03T07:26:49.9376375Z", - "score": 23.58823563070858, - "rbacGroupId": 5 - }, - { - "time": "2019-12-03T07:26:49.9376382Z", - "score": 37.403726933165366, - "rbacGroupId": 11 - }, - { - "time": "2019-12-03T07:26:49.9376388Z", - "score": 26.323200116475423, - "rbacGroupId": 9 - } - ] -} - - -``` +RbacGroupName | String | The machine group name.