deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

s

Browse Source
This commit is contained in:
Ben Alfasi 2020-02-06 19:18:12 +02:00
parent 60bc51d15d
commit d16aa0651e
17 changed files with 75 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/TOC.md
View File

@ -461,7 +461,7 @@
####### [Score methods and properties](microsoft-defender-atp/score.md)
####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md)
####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md)
####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md)
####### [Get machine secure score](microsoft-defender-atp/get-device-secure-score.md)
###### [Software]()
####### [Software methods and properties](microsoft-defender-atp/software.md)
@ -473,7 +473,7 @@
###### [Vulnerability]()
####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md)
####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
####### [List vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md)
####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md)
@ -482,8 +482,8 @@
####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md)
####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md)
####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md)
####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md)
####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md)
####### [List machines by recommendation](microsoft-defender-atp/get-recommendation-machines.md)
####### [List vulnerabilities by recommendation](microsoft-defender-atp/get-recommendation-vulnerabilities.md)
##### [How to use APIs - Samples]()
###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md)

6
windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
View File

@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/recommendations
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
"value": [
@ -99,7 +98,8 @@ Content-type: json
"nonProductivityImpactedAssets": 0,
"relatedComponent": "Windows 10"
}
]
...
]
}
```
## Related topics

10
windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
View File

@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get all vulnerabilities
# List vulnerabilities
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/Vulnerabilities
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
"value": [
@ -86,8 +85,9 @@ Content-type: json
"exploitTypes": [],
"exploitUris": []
}
]
{
...
]
}
```

9
windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
View File

@ -1,6 +1,6 @@
---
title: Get Device Secure score
description: Retrieves the organizational device secure score.
title: Get Machine Secure score
description: Retrieves the organizational machine secure score.
keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get Device Secure score
# Get Machine Secure score
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -75,8 +75,7 @@ Here is an example of the response.
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
"time": "2019-12-03T09:15:58.1665846Z",
"score": 340,
"rbacGroupId": null
"score": 340
}
```

3
windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
View File

@ -76,8 +76,7 @@ Here is an example of the response.
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
"time": "2019-12-03T07:23:53.280499Z",
"score": 33.491554051195706,
"rbacGroupId": null
"score": 33.491554051195706
}
```

19
windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
View File

@ -18,9 +18,9 @@ ms.topic: article
# List exposure score by machine group
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
@ -74,23 +74,14 @@ Here is an example of the response.
{
"time": "2019-12-03T09:51:28.214338Z",
"score": 41.38041766305988,
"rbacGroupId": 10
"rbacGroupName": "GroupOne"
},
{
"time": "2019-12-03T09:51:28.2143399Z",
"score": 37.403726933165366,
"rbacGroupId": 11
},
{
"time": "2019-12-03T09:51:28.2143407Z",
"score": 26.390921344426033,
"rbacGroupId": 9
},
{
"time": "2019-12-03T09:51:28.2143414Z",
"score": 23.58823563070858,
"rbacGroupId": 5
"rbacGroupName": "GroupTwo"
}
...
]
}
```

9
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
View File

@ -24,7 +24,7 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieve a list of machines that has this software installed.
Retrieve a list of machine references that has this software installed.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
@ -75,15 +75,16 @@ Here is an example of the response.
"id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
"computerDnsName": "dave_desktop",
"osPlatform": "Windows10",
"rbacGroupId": 9
"rbacGroupName": "GroupTwo"
},
{
"id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d",
"computerDnsName": "jane_PC",
"osPlatform": "Windows10",
"rbacGroupId": 9
"rbacGroupName": "GroupTwo"
}
]
...
]
}
```

8
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
View File

@ -66,8 +66,7 @@ GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/mac
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
"value": [
@ -75,14 +74,15 @@ Content-type: json
"id": "235a2e6278c63fcf85bab9c370396972c58843de",
"computerDnsName": "h1mkn_PC",
"osPlatform": "Windows10",
"rbacGroupId": 1268
"rbacGroupName": "GroupTwo"
},
{
"id": "afb3f807d1a185ac66668f493af028385bfca184",
"computerDnsName": "chat_Desk ",
"osPlatform": "Windows10",
"rbacGroupId": 410
"rbacGroupName": "GroupTwo"
}
...
]
}
```

3
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
View File

@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
"id": "va-_-google-_-chrome",

4
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
View File

@ -1,5 +1,5 @@
---
title: Get recommendation by machines
title: List machines by recommendation
description: Retrieves a list of machines associated with the security recommendation.
keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by machines
# List machines by recommendation
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

3
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
View File

@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
"id": "google-_-chrome",

10
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
View File

@ -1,5 +1,5 @@
---
title: Get recommendation by vulnerabilities
title: List vulnerabilities by recommendation
description: Retrieves a list of vulnerabilities associated with the security recommendation.
keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by vulnerabilities
# List vulnerabilities by recommendation
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [
@ -85,7 +84,8 @@ Content-type: json
"exploitTypes": [],
"exploitUris": []
}
]
...
]
}
```

3
windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
View File

@ -81,7 +81,8 @@ Here is an example of the response.
"installations": 750,
"vulnerabilities": 0
}
]
...
]
}
```

29
windows/security/threat-protection/microsoft-defender-atp/get-software.md
View File

@ -17,10 +17,10 @@ ms.topic: article
---
# List software inventory API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Retrieves the organization software inventory.
@ -66,20 +66,21 @@ GET https://api.securitycenter.windows.com/api/Software
Here is an example of the response.
```
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software",
"value": [
{
"id": "microsoft-_-edge",
"name": "edge",
"vendor": "microsoft",
"weaknesses": 467,
"publicExploit": true,
"activeAlert": false,
"exposedMachines": 172,
"impactScore": 2.39947438
}
{
"id": "microsoft-_-edge",
"name": "edge",
"vendor": "microsoft",
"weaknesses": 467,
"publicExploit": true,
"activeAlert": false,
"exposedMachines": 172,
"impactScore": 2.39947438
}
...
]
}
```

31
windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
View File

@ -71,21 +71,22 @@ Here is an example of the response.
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [
{
"id": "CVE-2017-0140",
"name": "CVE-2017-0140",
"description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.",
"severity": "Medium",
"cvssV3": 4.2,
"exposedMachines": 1,
"publishedOn": "2017-03-14T00:00:00Z",
"updatedOn": "2019-10-03T00:03:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
{
"id": "CVE-2017-0140",
"name": "CVE-2017-0140",
"description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.",
"severity": "Medium",
"cvssV3": 4.2,
"exposedMachines": 1,
"publishedOn": "2017-03-14T00:00:00Z",
"updatedOn": "2019-10-03T00:03:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
...
]
}
```

3
windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
View File

@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608
Here is an example of the response.
```
Content-type: json
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity",
"id": "CVE-2019-0608",

39
windows/security/threat-protection/microsoft-defender-atp/score.md
View File

@ -37,41 +37,4 @@ Property | Type | Description
:---|:---|:---
Score | Double | The current score.
Time | DateTime | The date and time in which the call for this API was made.
RbacGroupId | Nullable Int | RBAC Group ID.
### Response example for getting machine groups score:
```
GET https://api.securitycenter.windows.com/api/exposureScore/byMachineGroups
```
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore",
"value": [
{
"time": "2019-12-03T07:26:49.9376328Z",
"score": 41.38041766305988,
"rbacGroupId": 10
},
{
"time": "2019-12-03T07:26:49.9376375Z",
"score": 23.58823563070858,
"rbacGroupId": 5
},
{
"time": "2019-12-03T07:26:49.9376382Z",
"score": 37.403726933165366,
"rbacGroupId": 11
},
{
"time": "2019-12-03T07:26:49.9376388Z",
"score": 26.323200116475423,
"rbacGroupId": 9
}
]
}
```
RbacGroupName | String | The machine group name.