deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

new topic and update to generic api

Browse Source
This commit is contained in:
Joey Caparas
2017-03-13 17:16:58 -07:00
parent 94426d69d9
commit d83ddd2dc5
2 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
windows/keep-secure/generic-api-windows-defender-advanced-threat-protection.md
View File

@ -25,19 +25,19 @@ Use this method in the Windows Defender ATP API to get alerts in JSON format.
## Before you begin
- Before calling the Windows Defender ATP endpoint to get alerts, you'll need to enable the threat intelligence application in Azure Active Directory. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). <br><br>
- Have the access token that you generated from the **SIEM integration** ready for use in the request header.
- Have the access token that you generated from the **SIEM integration** feature ready for use in the request header.
## Request
### Request syntax
Method | Request URI
:---|:---|
GET| For EU: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> For US: `https://wdatp-alertexporter-us.windows.com/api/alerts`
GET| Use the URI applicable for your region. <br><br> **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts`
### Request header
| Header | Type | Description |
|---------------|--------|-----------------------------------------------------------------------------|
| Authorization | string | Required. The Azure AD access token in the form **Bearer** &lt;*token*&gt;. |
Header | Type | Description|
:--|:--|:--
Authorization | string | Required. The Azure AD access token in the form **Bearer** &lt;*token*&gt;. |
### Request parameters
@ -51,7 +51,6 @@ int?limit | int | Defines the number of alerts to be retrieved. Most recent aler
### Request example
The following example demonstrates how to retrieve all the alerts in your organization.
```syntax
GET https://wdatp-alertexporter-eu.windows.com/api/alerts
Authorization: Bearer <your access token>

22
windows/keep-secure/siem-portal-mapping-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,22 @@
---
title: Security information and events management (SIEM) schema and portal mapping
description: Get alerts from the Windows Defender ATP portal REST API.
keywords: alerts, get alerts, rest api, request, response,
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
---
# Get Windows Defender ATP alerts using REST API
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)