s

2025-06-05 17:17:22 +00:00 · 2019-03-13 15:04:52 +02:00 · 2019-03-13 15:04:52 +02:00 · e0e5077807
commit e0e5077807
parent 4a1086e038
6 changed files with 32 additions and 17 deletions
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -235,7 +235,7 @@
 ###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 ####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
   
-##### [Windows Defender ATP Open API](windows-defender-atp/use-apis.md)
+##### [Windows Defender ATP API](windows-defender-atp/use-apis.md)
 ###### [Get started](windows-defender-atp/apis-intro.md)
 ####### [Hello World](windows-defender-atp/api-hello-world.md)
 ####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md)
@ -330,8 +330,8 @@
 ###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
 ###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
 ###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+###### [Windows Defender ATP SIEM alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+###### [Pull alerts using SIEM REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
 ###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)


--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@ -232,7 +232,7 @@
 ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
  

-#### [Windows Defender ATP Open API](use-apis.md)
+#### [Windows Defender ATP API](use-apis.md)
 ##### [Get started](apis-intro.md)
 ###### [Hello World](api-hello-world.md)
 ###### [Get access with application context](exposed-apis-create-app-webapp.md)
@ -320,8 +320,8 @@
 ##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 ##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
 ##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Windows Defender ATP SIEM alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)


--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@ -18,7 +18,7 @@ ms.topic: article
 ms.date: 10/16/2017
 ---

-# Windows Defender ATP alert API fields
+# Windows Defender ATP SIEM alert API fields

 **Applies to:**

--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@ -278,5 +278,23 @@ Content-type: application/json
 }
 ```

+### Example 7
+
+- Get the count of open alerts for a specific machine:
+
+```
+HTTP GET  https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+
+4
+
+```
+
 ## Related topic
 - [Windows Defender ATP APIs](apis-intro.md)
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---

-# Pull Windows Defender ATP alerts using REST API
+# Pull Windows Defender ATP alerts using SIEM REST API

 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
@ -18,22 +18,19 @@ ms.date: 09/03/2018
 ---

 # Advanced hunting API
-**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)

+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)

 [!include[Prerelease information](prerelease.md)]

-
-
 This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).


 ## Limitations
-This API is a beta version only and is currently restricted to the following actions:
-1. You can only run a query on data from the last 30 days
+1. You can only run a query on data from the last 30 days
 2. The results will include a maximum of 10,000 rows
-3. The number of executions is limited (up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day)
+3. The number of executions is limited (up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day)
+4. The execution time of each request is limited to 10 minutes.

 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@ -45,7 +42,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'

 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have 'Global Admin' AD role (note: will be updated soon to 'View Data')
+>- The user needs to have 'View Data' AD role
 >- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)

 ## HTTP request
@ -135,7 +132,7 @@ Content-Type: application/json

 ## Troubleshoot issues

- Error: (403) Forbidden
+- Error: (403) Forbidden / (401) Unauthorized
 	
 	
    If you get this error when calling Windows Defender ATP API, your token might not include the necessary permission.