diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md new file mode 100644 index 0000000000..34c6863e7d --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -0,0 +1,104 @@ +--- +title: List all recommendations +description: Retrieves a list of all security recommendations affecting the organization. +keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List all recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all security recommendations affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-microsoft-_-windows_10", + "productName": "windows_10", + "recommendationName": "Update Windows 10", + "weaknesses": 397, + "vendor": "microsoft", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": true, + "activeAlert": false, + "associatedThreats": [ + "3098b8ef-23b1-46b3-aed4-499e1928f9ed", + "40c189d5-0330-4654-a816-e48c2b7f9c4b", + "4b0c9702-9b6c-4ca2-9d02-1556869f56f8", + "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d", + "94b6e94b-0c1d-4817-ac06-c3b8639be3ab" + ], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 7.674418604651163, + "totalMachineCount": 37, + "exposedMachinesCount": 7, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Windows 10" + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md new file mode 100644 index 0000000000..01869cd89b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -0,0 +1,92 @@ +--- +title: Get all vulnerabilities +description: Retrieves a list of all the vulnerabilities affecting the organization +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get all vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all the vulnerabilities affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of vulnerabilities in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "value": [ + { + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + { +.. +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md new file mode 100644 index 0000000000..dd922cae08 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -0,0 +1,89 @@ +--- +title: List machines by software +description: Retrieve a list of machines that has this software installed. +keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of machines that has this software installed + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/machineReferences +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK and a list of machines with the software installed in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", + "computerDnsName": "dave_desktop", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, + { + "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d", + "computerDnsName": "jane_PC", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md new file mode 100644 index 0000000000..37a235d516 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -0,0 +1,88 @@ +--- +title: List machines by vulnerability +description: Retrieves a list of machines affected by a vulnerability. +keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by vulnerability +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines affected by a vulnerability. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "235a2e6278c63fcf85bab9c370396972c58843de", + "computerDnsName": "h1mkn_PC", + "osPlatform": "Windows10", + "rbacGroupId": 1268 + }, + { + "id": "afb3f807d1a185ac66668f493af028385bfca184", + "computerDnsName": "chat_Desk ", + "osPlatform": "Windows10", + "rbacGroupId": 410 + } + ] + } +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md new file mode 100644 index 0000000000..86f7eef853 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -0,0 +1,93 @@ +--- +title: Get recommendation by Id +description: Retrieves a security recommendation by its ID. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "id": "va-_-google-_-chrome", + "productName": "chrome", + "recommendationName": "Update Chrome", + "weaknesses": 38, + "vendor": "google", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 3.9441860465116285, + "totalMachineCount": 6, + "exposedMachinesCount": 5, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Chrome" +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md new file mode 100644 index 0000000000..772dc4e34b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation machines +description: Retrieves a list of machines associated with the security recommendation. +keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation machines +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of machines associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", + "computerDnsName": "niw_pc", + "osPlatform": "Windows10", + "rbacGroupId": 2154 + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md new file mode 100644 index 0000000000..4032adfef3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation software +description: Retrieves a security recommendation related to a specific software. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation related to a specific software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software associated with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "id": "google-_-chrome", + "name": "chrome", + "vendor": "google", + "weaknesses": 38, + "publicExploit": false, + "activeAlert": false, + "exposedMachines": 5, + "impactScore": 3.94418621 +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md new file mode 100644 index 0000000000..954479aad6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -0,0 +1,90 @@ +--- +title: Get recommendation vulnerabilities +description: Retrieves a list of vulnerabilities associated with the security recommendation. +keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of vulnerabilities associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-13748", + "name": "CVE-2019-13748", + "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "severity": "Medium", + "cvssV3": 6.5, + "exposedMachines": 0, + "publishedOn": "2019-12-10T00:00:00Z", + "updatedOn": "2019-12-16T12:15:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md new file mode 100644 index 0000000000..663bac6747 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -0,0 +1,83 @@ +--- +title: Get software by Id +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get software by Id + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves software details by ID + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id} +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the specified software data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md new file mode 100644 index 0000000000..39a3275bf2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -0,0 +1,86 @@ +--- +title: List software version distribution +description: Retrieves a list of your organization's software version distribution +keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software version distribution + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of your organization's software version distribution + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/distributions +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a list of software distributions data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "value": [ + { + "version": "11.0.17134.1039", + "installations": 1, + "vulnerabilities": 11 + }, + { + "version": "11.0.18363.535", + "installations": 750, + "vulnerabilities": 0 + }, +… +} + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md new file mode 100644 index 0000000000..67bfa09292 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -0,0 +1,84 @@ +--- +title: List software +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software inventory API +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves the organization software inventory + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software inventory in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "value": [ + { + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 + }, +…. +} \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md new file mode 100644 index 0000000000..6984c10ec6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -0,0 +1,93 @@ +--- +title: List vulnerabilities by software +description: Retrieve a list of vulnerabilities in the installed software. +keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List vulnerabilities by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of vulnerabilities in the installed software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/vulnerabilities +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2017-0140", + "name": "CVE-2017-0140", + "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", + "severity": "Medium", + "cvssV3": 4.2, + "exposedMachines": 1, + "publishedOn": "2017-03-14T00:00:00Z", + "updatedOn": "2019-10-03T00:03:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md new file mode 100644 index 0000000000..f87c04ae43 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -0,0 +1,86 @@ +--- +title: Get vulnerability by Id +description: Retrieves vulnerability information by its ID. +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get vulnerability by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves vulnerability information by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] +} +```