mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 19:03:46 +00:00
new topic and update to generic api
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Get Windows Defender ATP alerts using REST API
|
title: Get Windows Defender ATP alerts using REST API
|
||||||
description: Get alerts from the Windows Defender ATP portal REST API.
|
description: Get alerts from the Windows Defender ATP portal REST API.
|
||||||
keywords: alerts, get alerts, rest api, request, response,
|
keywords: alerts, get alerts, rest api, request, response,
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
@ -25,19 +25,19 @@ Use this method in the Windows Defender ATP API to get alerts in JSON format.
|
|||||||
|
|
||||||
## Before you begin
|
## Before you begin
|
||||||
- Before calling the Windows Defender ATP endpoint to get alerts, you'll need to enable the threat intelligence application in Azure Active Directory. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). <br><br>
|
- Before calling the Windows Defender ATP endpoint to get alerts, you'll need to enable the threat intelligence application in Azure Active Directory. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). <br><br>
|
||||||
- Have the access token that you generated from the **SIEM integration** ready for use in the request header.
|
- Have the access token that you generated from the **SIEM integration** feature ready for use in the request header.
|
||||||
|
|
||||||
## Request
|
## Request
|
||||||
### Request syntax
|
### Request syntax
|
||||||
|
|
||||||
Method | Request URI
|
Method | Request URI
|
||||||
:---|:---|
|
:---|:---|
|
||||||
GET| For EU: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> For US: `https://wdatp-alertexporter-us.windows.com/api/alerts`
|
GET| Use the URI applicable for your region. <br><br> **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts`
|
||||||
|
|
||||||
### Request header
|
### Request header
|
||||||
| Header | Type | Description |
|
Header | Type | Description|
|
||||||
|---------------|--------|-----------------------------------------------------------------------------|
|
:--|:--|:--
|
||||||
| Authorization | string | Required. The Azure AD access token in the form **Bearer** <*token*>. |
|
Authorization | string | Required. The Azure AD access token in the form **Bearer** <*token*>. |
|
||||||
|
|
||||||
### Request parameters
|
### Request parameters
|
||||||
|
|
||||||
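Review bot: In the new Request URI row, the break between the EU and US entries is written `</br>`, which is not a valid tag, while the same cell uses `<br><br>` a few words earlier; use `<br>` throughout so the cell renders the same way in every Markdown processor. In the rewritten Request header table, the Authorization row keeps a trailing `|` that the new header row and the `:--|:--|:--` separator do not have, and `<*token*>` is left unescaped, so a renderer may treat it as an HTML tag and drop the placeholder; `&lt;*token*&gt;` avoids that.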
@ -51,7 +51,6 @@ int?limit | int | Defines the number of alerts to be retrieved. Most recent aler
|
|||||||
### Request example
|
### Request example
|
||||||
The following example demonstrates how to retrieve all the alerts in your organization.
|
The following example demonstrates how to retrieve all the alerts in your organization.
|
||||||
|
|
||||||
|
|
||||||
```syntax
|
```syntax
|
||||||
GET https://wdatp-alertexporter-eu.windows.com/api/alerts
|
GET https://wdatp-alertexporter-eu.windows.com/api/alerts
|
||||||
Authorization: Bearer <your access token>
|
Authorization: Bearer <your access token>
|
||||||
|
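Review bot: The request example still hardcodes the EU host (`GET https://wdatp-alertexporter-eu.windows.com/api/alerts`) even though the Request syntax table in this commit now tells readers to use the URI for their region. Add a sentence before the block saying that US tenants should substitute the `wdatp-alertexporter-us` host, so the example is not copied verbatim against the wrong endpoint with a live bearer token.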
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
title: Security information and events management (SIEM) schema and portal mapping
|
||||||
|
description: Get alerts from the Windows Defender ATP portal REST API.
|
||||||
|
keywords: alerts, get alerts, rest api, request, response,
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
author: mjcaparas
|
||||||
|
localizationpriority: high
|
||||||
|
---
|
||||||
|
|
||||||
|
# Get Windows Defender ATP alerts using REST API
|
||||||
|
|
||||||
|
**Applies to:**
|
||||||
|
|
||||||
|
- Windows 10 Enterprise
|
||||||
|
- Windows 10 Education
|
||||||
|
- Windows 10 Pro
|
||||||
|
- Windows 10 Pro Education
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
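Review bot: The front matter of this new file does not match its body: `title:` reads "Security information and events management (SIEM) schema and portal mapping", but `description:` and `keywords:` carry the alerts REST API values and the H1 is `# Get Windows Defender ATP alerts using REST API`. This looks copied from the alerts topic; align the description, keywords and H1 with the schema and portal mapping subject. The 22 added lines also stop at the **Applies to** list, so the topic has no content yet.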