deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into quarentine-file

Browse Source
This commit is contained in:
Beth Levin 2020-12-29 08:13:52 -08:00
commit e8a0064245
107 changed files with 724 additions and 373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/includes/improve-request-performance.md
View File

@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
>[!NOTE] >[!TIP]
>For better performance, you can use server closer to your geo location: >For better performance, you can use server closer to your geo location:
> - api-us.securitycenter.microsoft.com > - api-us.securitycenter.microsoft.com
> - api-eu.securitycenter.microsoft.com > - api-eu.securitycenter.microsoft.com

20
windows/security/includes/microsoft-defender-api-usgov.md Normal file
View File

@ -0,0 +1,20 @@
---
title: Microsoft Defender for Endpoint API URIs for US Government
description: Microsoft Defender for Endpoint API URIs for US Government
keywords: defender, endpoint, api, government, gov
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
>[!NOTE]
>If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government GCC High customers](../threat-protection/microsoft-defender-atp/gov.md#api).

2
windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
View File

@ -95,7 +95,7 @@ The server side configuration to enable Network Unlock also requires provisionin
The following steps allow an administrator to configure Network Unlock in a domain where the Domain Functional Level is at least Windows Server 2012. The following steps allow an administrator to configure Network Unlock in a domain where the Domain Functional Level is at least Windows Server 2012.
### <a href="" id="bkmk-installwdsrole"><a/>Install the WDS Server role ### <a href="" id="bkmk-installwdsrole"></a>Install the WDS Server role
The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager.

4
windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
View File

@ -11,7 +11,7 @@ ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.custom: nextgen ms.custom: nextgen
ms.date: 11/18/2020 ms.date: 12/28/2020
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
@ -113,7 +113,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
> [!NOTE] > [!NOTE]
> Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md).
The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). The Windows event log will also show [Windows Defender client event ID 1116](troubleshoot-microsoft-defender-antivirus.md).
## Related articles ## Related articles

5
windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
View File

@ -10,7 +10,7 @@ ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.custom: nextgen ms.custom: nextgen
ms.date: 11/18/2020 ms.date: 12/28/2020
ms.reviewer: jesquive ms.reviewer: jesquive
manager: dansimp manager: dansimp
--- ---
@ -84,11 +84,10 @@ See the [Download and unpackage](#download-and-unpackage-the-latest-updates) sec
Now you can get started on downloading and installing new updates. Weve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if youre familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those scripts). Now you can get started on downloading and installing new updates. Weve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if youre familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those scripts).
```PowerShell ```PowerShell
$vdmpathbase = 'c:\wdav-update\{00000000-0000-0000-0000-' $vdmpathbase = "$env:systemdrive\wdav-update\{00000000-0000-0000-0000-"
$vdmpathtime = Get-Date -format "yMMddHHmmss" $vdmpathtime = Get-Date -format "yMMddHHmmss"
$vdmpath = $vdmpathbase + $vdmpathtime + '}' $vdmpath = $vdmpathbase + $vdmpathtime + '}'
$vdmpackage = $vdmpath + '\mpam-fe.exe' $vdmpackage = $vdmpath + '\mpam-fe.exe'
$args = @("/x")
New-Item -ItemType Directory -Force -Path $vdmpath | Out-Null New-Item -ItemType Directory -Force -Path $vdmpath | Out-Null

2
windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: high
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.date: 12/16/2020 ms.date: 12/16/2020

13
windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
View File

@ -23,7 +23,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -54,7 +59,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
## HTTP request ## HTTP request
```http ```http
POST https://api.securitycenter.windows.com/api/machines/{id}/tags POST https://api.securitycenter.microsoft.com/api/machines/{id}/tags
``` ```
## Request headers ## Request headers
@ -84,10 +89,8 @@ If successful, this method returns 200 - Ok response code and the updated Machin
Here is an example of a request that adds machine tag. Here is an example of a request that adds machine tag.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
Content-type: application/json Content-type: application/json
{ {
"Value" : "test Tag 2", "Value" : "test Tag 2",

11
windows/security/threat-protection/microsoft-defender-atp/alerts.md
View File

@ -21,9 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## Methods ## Methods
@ -71,7 +76,7 @@ comments | List of Alert comments | Alert Comment is an object that contains: co
### Response example for getting single alert: ### Response example for getting single alert:
``` ```
GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-292920499 GET https://api.securitycenter.microsoft.com/api/alerts/da637084217856368682_-292920499
``` ```
```json ```json

10
windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
View File

@ -26,6 +26,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Get Alerts using a simple PowerShell script ## Get Alerts using a simple PowerShell script
@ -103,8 +107,8 @@ $tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here $appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application secret here $appSecret = '' ### Paste your Application secret here
$resourceAppIdUri = 'https://api.securitycenter.windows.com' $resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{ $authBody = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -142,7 +146,7 @@ $dateTime = (Get-Date).ToUniversalTime().AddHours(-48).ToString("o")
# The URL contains the type of query and the time filter we create above # The URL contains the type of query and the time filter we create above
# Read more about other query options and filters at Https://TBD- add the documentation link # Read more about other query options and filters at Https://TBD- add the documentation link
$url = "https://api.securitycenter.windows.com/api/alerts?`$filter=alertCreationTime ge $dateTime" $url = "https://api.securitycenter.microsoft.com/api/alerts?`$filter=alertCreationTime ge $dateTime"
# Set the WebRequest headers # Set the WebRequest headers
$headers = @{ $headers = @{

2
windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
View File

@ -24,7 +24,7 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes. Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes.

10
windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
View File

@ -24,7 +24,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
In this section you will learn create a Power BI report on top of Defender for Endpoint APIs. In this section you will learn create a Power BI report on top of Defender for Endpoint APIs.
@ -48,7 +52,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
let let
AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20", AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20",
HuntingUrl = "https://api.securitycenter.windows.com/api/advancedqueries", HuntingUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries",
Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])), Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])),
@ -114,7 +118,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
Query = "MachineActions", Query = "MachineActions",
Source = OData.Feed("https://api.securitycenter.windows.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true])
in in
Source Source

5
windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
View File

@ -22,10 +22,9 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).

13
windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
View File

@ -24,7 +24,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Collect investigation package from a device. Collect investigation package from a device.
@ -49,7 +54,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/collectInvestigationPackage POST https://api.securitycenter.microsoft.com/api/machines/{id}/collectInvestigationPackage
``` ```
## Request headers ## Request headers
@ -76,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
Content-type: application/json Content-type: application/json
{ {
"Comment": "Collect forensics due to alert 1234" "Comment": "Collect forensics due to alert 1234"

12
windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -56,7 +60,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
``` ```
## Request headers ## Request headers
@ -91,10 +95,8 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
``` ```
```json ```json
{ {

13
windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -45,12 +49,9 @@ Application | Ti.ReadWrite.All | 'Read and write Indicators'
## HTTP request ## HTTP request
``` ```
Delete https://api.securitycenter.windows.com/api/indicators/{id} Delete https://api.securitycenter.microsoft.com/api/indicators/{id}
``` ```
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Request headers ## Request headers
Name | Type | Description Name | Type | Description
@ -72,5 +73,5 @@ If Indicator with the specified id was not found - 404 Not Found.
Here is an example of the request. Here is an example of the request.
``` ```
DELETE https://api.securitycenter.windows.com/api/indicators/995 DELETE https://api.securitycenter.microsoft.com/api/indicators/995
``` ```

10
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
View File

@ -26,6 +26,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user. This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user.
If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md). If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md).
@ -127,9 +131,9 @@ For more information on AAD tokens, see [Azure AD tutorial](https://docs.microso
public static class WindowsDefenderATPUtils public static class WindowsDefenderATPUtils
{ {
private const string Authority = "https://login.windows.net"; private const string Authority = "https://login.microsoftonline.com";
private const string WdatpResourceId = "https://api.securitycenter.windows.com"; private const string WdatpResourceId = "https://api.securitycenter.microsoft.com";
public static async Task<string> AcquireUserTokenAsync(string username, string password, string appId, string tenantId) public static async Task<string> AcquireUserTokenAsync(string username, string password, string appId, string tenantId)
{ {
@ -175,7 +179,7 @@ Verify to make sure you got a correct token:
```csharp ```csharp
var httpClient = new HttpClient(); var httpClient = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

15
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
View File

@ -25,6 +25,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers. This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers.
@ -139,8 +144,8 @@ $tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here $appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application key here $appSecret = '' ### Paste your Application key here
$resourceAppIdUri = 'https://api.securitycenter.windows.com' $resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{ $authBody = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -172,8 +177,8 @@ return $token
string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place!
const string authority = "https://login.windows.net"; const string authority = "https://login.microsoftonline.com";
const string wdatpResourceId = "https://api.securitycenter.windows.com"; const string wdatpResourceId = "https://api.securitycenter.microsoft.com";
AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/");
ClientCredential clientCredential = new ClientCredential(appId, appSecret); ClientCredential clientCredential = new ClientCredential(appId, appSecret);
@ -227,7 +232,7 @@ Sanity check to make sure you got a correct token:
``` ```
var httpClient = new HttpClient(); var httpClient = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

14
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
View File

@ -26,6 +26,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md). This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md).
Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
@ -117,8 +121,8 @@ $tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here $appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application key here $appSecret = '' ### Paste your Application key here
$resourceAppIdUri = 'https://api.securitycenter.windows.com' $resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{ $authBody = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -150,8 +154,8 @@ The following code was tested with NuGet Microsoft.IdentityModel.Clients.ActiveD
string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place!
const string authority = "https://login.windows.net"; const string authority = "https://login.microsoftonline.com";
const string wdatpResourceId = "https://api.securitycenter.windows.com"; const string wdatpResourceId = "https://api.securitycenter.microsoft.com";
AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/");
ClientCredential clientCredential = new ClientCredential(appId, appSecret); ClientCredential clientCredential = new ClientCredential(appId, appSecret);
@ -204,7 +208,7 @@ The following is an example of sending a request to get a list of alerts **using
``` ```
var httpClient = new HttpClient(); var httpClient = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

15
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
View File

@ -22,8 +22,13 @@ ms.date: 09/24/2018
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Full scenario using multiple APIs from Microsoft Defender for Endpoint. Full scenario using multiple APIs from Microsoft Defender for Endpoint.
@ -63,7 +68,7 @@ $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret
$suspiciousUrl = 'www.suspiciousUrl.com' # Paste your own URL here $suspiciousUrl = 'www.suspiciousUrl.com' # Paste your own URL here
$resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice' $resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{ $authBody = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -75,7 +80,7 @@ $aadToken = $authResponse.access_token
#Get latest alert #Get latest alert
$alertUrl = "https://api.securitycenter.windows.com/api/alerts?`$top=10" $alertUrl = "https://api.securitycenter.microsoft.com/api/alerts?`$top=10"
$headers = @{ $headers = @{
'Content-Type' = 'application/json' 'Content-Type' = 'application/json'
Accept = 'application/json' Accept = 'application/json'
@ -108,7 +113,7 @@ $query = "NetworkCommunicationEvents
| where RemoteUrl == `"$suspiciousUrl`" | where RemoteUrl == `"$suspiciousUrl`"
| summarize ConnectionsCount = count() by MachineId" | summarize ConnectionsCount = count() by MachineId"
$queryUrl = "https://api.securitycenter.windows.com/api/advancedqueries/run" $queryUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
$queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query } $queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query }
$queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop

13
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
View File

@ -30,9 +30,9 @@ ms.topic: article
### Endpoint URI: ### Endpoint URI:
> The service base URI is: https://api.securitycenter.windows.com > The service base URI is: https://api.securitycenter.microsoft.com
> >
> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts > The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts
### Versioning: ### Versioning:
@ -40,9 +40,14 @@ ms.topic: article
> >
> The current version is **V1.0**. > The current version is **V1.0**.
> >
> To use a specific version, use this format: `https://api.securitycenter.windows.com/api/{Version}`. For example: `https://api.securitycenter.windows.com/api/v1.0/alerts` > To use a specific version, use this format: `https://api.securitycenter.microsoft.com/api/{Version}`. For example: `https://api.securitycenter.microsoft.com/api/v1.0/alerts`
> >
> If you don't specify any version (e.g. https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version. > If you don't specify any version (e.g. https://api.securitycenter.microsoft.com/api/alerts ) you will get to the latest version.
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.

30
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
View File

@ -22,9 +22,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/) If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
@ -150,14 +154,14 @@ HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev
Get all the alerts last updated after 2019-11-22 00:00:00 Get all the alerts last updated after 2019-11-22 00:00:00
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z
``` ```
**Response:** **Response:**
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts",
"value": [ "value": [
{ {
"id": "da637308392288907382_-880718168", "id": "da637308392288907382_-880718168",
@ -206,14 +210,14 @@ HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTi
Get all the devices with 'High' 'RiskScore' Get all the devices with 'High' 'RiskScore'
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High' HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=riskScore+eq+'High'
``` ```
**Response:** **Response:**
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [ "value": [
{ {
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -245,14 +249,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+
Get top 100 devices with 'HealthStatus' not equals to 'Active' Get top 100 devices with 'HealthStatus' not equals to 'Active'
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100
``` ```
**Response:** **Response:**
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [ "value": [
{ {
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -284,14 +288,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStat
Get all the devices that last seen after 2018-10-20 Get all the devices that last seen after 2018-10-20
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen gt 2018-08-01Z
``` ```
**Response:** **Response:**
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [ "value": [
{ {
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -323,14 +327,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g
Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan' HTTP GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
``` ```
**Response:** **Response:**
```json ```json
json{ json{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
"value": [ "value": [
{ {
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
@ -355,7 +359,7 @@ json{
Get the count of open alerts for a specific device: Get the count of open alerts for a specific device:
```http ```http
HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' HTTP GET https://api.securitycenter.microsoft.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'
``` ```
**Response:** **Response:**

5
windows/security/threat-protection/microsoft-defender-atp/files.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Represent a file entity in Defender for Endpoint. Represent a file entity in Defender for Endpoint.
## Methods ## Methods

8
windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
View File

@ -21,9 +21,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Find a device by internal IP. Find a device by internal IP.

8
windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp. Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
@ -75,8 +79,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
``` ```

4
windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves specific [Alert](alerts.md) by its ID. Retrieves specific [Alert](alerts.md) by its ID.

10
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves all domains related to a specific alert. Retrieves all domains related to a specific alert.
@ -72,10 +76,8 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains
``` ```
**Response** **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/$metadata#Domains", "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
"value": [ "value": [
{ {
"host": "www.example.com" "host": "www.example.com"

10
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves all files related to a specific alert. Retrieves all files related to a specific alert.
@ -72,10 +76,8 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files
``` ```
**Response** **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
"value": [ "value": [
{ {
"sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70", "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",

10
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves all IPs related to a specific alert. Retrieves all IPs related to a specific alert.
@ -73,10 +77,8 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips
``` ```
**Response** **Response**
@ -88,7 +90,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/$metadata#Ips", "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",
"value": [ "value": [
{ {
"id": "104.80.104.128" "id": "104.80.104.128"

11
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves [Device](machine.md) related to a specific alert. Retrieves [Device](machine.md) related to a specific alert.
@ -74,11 +78,8 @@ If successful and alert and device exist - 200 OK. If alert not found or device
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/machine GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine
``` ```
**Response** **Response**
@ -90,7 +91,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",

11
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves the User related to a specific alert. Retrieves the User related to a specific alert.
@ -73,11 +77,8 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/user GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user
``` ```
**Response** **Response**
@ -89,7 +90,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
"id": "contoso\\user1", "id": "contoso\\user1",
"accountName": "user1", "accountName": "user1",
"accountDomain": "contoso", "accountDomain": "contoso",

7
windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of Alerts. Retrieves a collection of Alerts.
@ -87,9 +91,6 @@ Here is an example of the request.
GET https://api.securitycenter.microsoft.com/api/alerts GET https://api.securitycenter.microsoft.com/api/alerts
``` ```
[!include[Improve request performance](../../includes/improve-request-performance.md)]
**Response** **Response**
Here is an example of the response. Here is an example of the response.

14
windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
View File

@ -20,8 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/recommendations GET https://api.securitycenter.microsoft.com/api/recommendations
``` ```
**Response** **Response**
@ -71,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
"value": [ "value": [
{ {
"id": "va-_-microsoft-_-windows_10", "id": "va-_-microsoft-_-windows_10",

11
windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
View File

@ -23,6 +23,13 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md). Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md).
- If the vulnerability has a fixing KB, it will appear in the response. - If the vulnerability has a fixing KB, it will appear in the response.
- Supports [OData V4 queries](https://www.odata.org/documentation/). - Supports [OData V4 queries](https://www.odata.org/documentation/).
@ -65,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/vulnerabilities/machinesVulnerabilities GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities
``` ```
**Response** **Response**
@ -75,7 +82,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)",
"value": [ "value": [
{ {
"id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-", "id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-",

14
windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
View File

@ -20,8 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Vulnerabilities GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
``` ```
**Response** **Response**
@ -71,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities",
"value": [ "value": [
{ {
"id": "CVE-2019-0608", "id": "CVE-2019-0608",

8
windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
View File

@ -23,9 +23,13 @@ ROBOTS: NOINDEX
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves a map of CVE's to KB's and CVE details. Retrieves a map of CVE's to KB's and CVE details.

12
windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
View File

@ -23,11 +23,13 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
>[!NOTE]
>If you are a US Gov customer, please refer to API endpoints listed in [here](gov.md#api).
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks.
## Permissions ## Permissions
@ -66,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/configurationScore GET https://api.securitycenter.microsoft.com/api/configurationScore
``` ```
### Response ### Response
@ -78,7 +80,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ConfigurationScore/$entity",
"time": "2019-12-03T09:15:58.1665846Z", "time": "2019-12-03T09:15:58.1665846Z",
"score": 340 "score": 340
} }

13
windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
View File

@ -21,8 +21,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves a collection of discovered vulnerabilities related to a given device ID. Retrieves a collection of discovered vulnerabilities related to a given device ID.
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
``` ```
### Response ### Response
@ -71,7 +76,7 @@ Here is an example of the response.
``` ```
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [ "value": [
{ {
"id": "CVE-2019-1348", "id": "CVE-2019-1348",

8
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of [Alerts](alerts.md) related to a given domain address. Retrieves a collection of [Alerts](alerts.md) related to a given domain address.
@ -74,8 +78,6 @@ If successful and domain exists - 200 OK with list of [alert](alerts.md) entitie
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts GET https://api.securitycenter.microsoft.com/api/domains/client.wns.windows.com/alerts
``` ```

11
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
View File

@ -21,10 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint(https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address. Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
@ -75,9 +79,6 @@ If successful and domain exists - 200 OK with list of [machine](machine.md) enti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines
``` ```

10
windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves the statistics on the given domain. Retrieves the statistics on the given domain.
@ -71,10 +75,8 @@ If successful and domain exists - 200 OK, with statistics object in the response
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/domains/example.com/stats GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
``` ```
**Response** **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
"host": "example.com", "host": "example.com",
"orgPrevalence": "4070", "orgPrevalence": "4070",
"orgFirstSeen": "2017-07-30T13:23:48Z", "orgFirstSeen": "2017-07-30T13:23:48Z",

9
windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves the organizational exposure score. Retrieves the organizational exposure score.
@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/exposureScore GET https://api.securitycenter.microsoft.com/api/exposureScore
``` ```
### Response ### Response
@ -77,7 +82,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore/$entity",
"time": "2019-12-03T07:23:53.280499Z", "time": "2019-12-03T07:23:53.280499Z",
"score": 33.491554051195706 "score": 33.491554051195706
} }

10
windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a [File](files.md) by identifier Sha1, or Sha256 Retrieves a [File](files.md) by identifier Sha1, or Sha256
@ -71,10 +75,8 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
``` ```
**Response** **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3", "sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462", "sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
"globalPrevalence": 180022, "globalPrevalence": 180022,

8
windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of alerts related to a given file hash. Retrieves a collection of alerts related to a given file hash.
@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
``` ```

8
windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of [Machines](machine.md) related to a given file hash. Retrieves a collection of [Machines](machine.md) related to a given file hash.
@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
``` ```

10
windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves the statistics for the given file. Retrieves the statistics for the given file.
@ -71,10 +75,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
``` ```
**Response** **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
"sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f", "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
"orgPrevalence": "14850", "orgPrevalence": "14850",
"orgFirstSeen": "2019-12-07T13:44:16Z", "orgFirstSeen": "2019-12-07T13:44:16Z",

13
windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
View File

@ -20,8 +20,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
``` ```
**Response** **Response**
@ -71,7 +76,7 @@ Here is an example of the response.
``` ```
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software",
"value": [ "value": [
{ {
"id": "microsoft-_-internet_explorer", "id": "microsoft-_-internet_explorer",

15
windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of [Investigations](investigation.md). Retrieves a collection of [Investigations](investigation.md).
@ -54,7 +58,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/investigations GET https://api.securitycenter.microsoft.com/api/investigations
``` ```
## Request headers ## Request headers
@ -71,30 +75,25 @@ Empty
If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities. If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Example ## Example
**Request** **Request**
Here is an example of a request to get all investigations: Here is an example of a request to get all investigations:
``` ```
GET https://api.securitycenter.windows.com/api/investigations GET https://api.securitycenter.microsoft.com/api/investigations
``` ```
**Response** **Response**
Here is an example of the response: Here is an example of the response:
``` ```
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
"value": [ "value": [
{ {
"id": "63017", "id": "63017",

7
windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves specific [Investigation](investigation.md) by its ID. Retrieves specific [Investigation](investigation.md) by its ID.
<br> ID can be the investigation ID or the investigation triggering alert ID. <br> ID can be the investigation ID or the investigation triggering alert ID.
@ -50,7 +55,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/investigations/{id} GET https://api.securitycenter.microsoft.com/api/investigations/{id}
``` ```
## Request headers ## Request headers

11
windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -74,9 +78,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts
``` ```

12
windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -71,10 +75,8 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
``` ```
**Response** **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
"ipAddress": "10.209.67.177", "ipAddress": "10.209.67.177",
"orgPrevalence": "63515", "orgPrevalence": "63515",
"orgFirstSeen": "2017-07-30T13:36:06Z", "orgFirstSeen": "2017-07-30T13:36:06Z",

8
windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
View File

@ -23,9 +23,13 @@ ROBOTS: NOINDEX
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves a collection of KB's and KB details. Retrieves a collection of KB's and KB details.

12
windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -77,10 +81,8 @@ If machine with the specified ID was not found - 404 Not Found.
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07 GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07
``` ```
**Response** **Response**
@ -92,7 +94,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com", "computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z", "firstSeen": "2018-08-02T14:55:03.7791856Z",

11
windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
View File

@ -23,7 +23,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
``` ```
### Response ### Response
@ -75,7 +80,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore",
"value": [ "value": [
{ {
"time": "2019-12-03T09:51:28.214338Z", "time": "2019-12-03T09:51:28.214338Z",

10
windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of logged on users on a specific device. Retrieves a collection of logged on users on a specific device.
@ -73,10 +77,8 @@ If successful and device exists - 200 OK with list of [user](user.md) entities i
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers
``` ```
**Response** **Response**
@ -88,7 +90,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
"value": [ "value": [
{ {
"id": "contoso\\user1", "id": "contoso\\user1",

6
windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description

14
windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -50,7 +54,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/{id} GET https://api.securitycenter.microsoft.com/api/machineactions/{id}
``` ```
## Request headers ## Request headers
@ -72,10 +76,8 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
``` ```
**Response** **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e", "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
"type": "Isolate", "type": "Isolate",
"scope": "Selective", "scope": "Selective",

20
windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -54,7 +58,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions GET https://api.securitycenter.microsoft.com/api/machineactions
``` ```
## Request headers ## Request headers
@ -77,10 +81,8 @@ If successful, this method returns 200, Ok response code with a collection of [m
Here is an example of the request on an organization that has three MachineActions. Here is an example of the request on an organization that has three MachineActions.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/machineactions GET https://api.securitycenter.microsoft.com/api/machineactions
``` ```
**Response** **Response**
@ -92,7 +94,7 @@ Here is an example of the response.
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
"value": [ "value": [
{ {
"id": "69dc3630-1ccc-4342-acf3-35286eec741d", "id": "69dc3630-1ccc-4342-acf3-35286eec741d",
@ -147,20 +149,18 @@ Content-type: application/json
Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions.
``` ```
GET https://api.securitycenter.windows.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2
``` ```
**Response** **Response**
Here is an example of the response. Here is an example of the response.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
"value": [ "value": [
{ {
"id": "69dc3630-1ccc-4342-acf3-35286eec741d", "id": "69dc3630-1ccc-4342-acf3-35286eec741d",

9
windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
View File

@ -23,9 +23,14 @@ ms.date: 10/07/2018
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
Retrieves a collection of RBAC device groups. Retrieves a collection of RBAC device groups.

13
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
View File

@ -21,9 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
``` ```
**Response** **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
"value": [ "value": [
{ {
"id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",

13
windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
View File

@ -20,9 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
``` ```
**Response** **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
"value": [ "value": [
{ {
"id": "235a2e6278c63fcf85bab9c370396972c58843de", "id": "235a2e6278c63fcf85bab9c370396972c58843de",

15
windows/security/threat-protection/microsoft-defender-atp/get-machines.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -56,7 +60,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
## HTTP request ## HTTP request
```http ```http
GET https://api.securitycenter.windows.com/api/machines GET https://api.securitycenter.microsoft.com/api/machines
``` ```
## Request headers ## Request headers
@ -79,11 +83,8 @@ If successful and machines exists - 200 OK with list of [machine](machine.md) en
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```http ```http
GET https://api.securitycenter.windows.com/api/machines GET https://api.securitycenter.microsoft.com/api/machines
``` ```
**Response** **Response**
@ -94,7 +95,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
"value": [ "value": [
{ {
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",

8
windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
View File

@ -22,9 +22,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves a collection of devices security states. Retrieves a collection of devices security states.

6
windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves missing KBs (security updates) by device ID Retrieves missing KBs (security updates) by device ID
## HTTP request ## HTTP request
@ -54,7 +58,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs
``` ```
### Response ### Response

9
windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
View File

@ -23,7 +23,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves missing KBs (security updates) by software ID Retrieves missing KBs (security updates) by software ID
@ -63,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
``` ```
### Response ### Response

15
windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -45,7 +49,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri GET https://api.securitycenter.microsoft.com/api/machineactions/{machine action id}/getPackageUri
``` ```
## Request headers ## Request headers
@ -69,7 +73,7 @@ If successful, this method returns 200, Ok response code with object that holds
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
``` ```
@ -77,15 +81,12 @@ GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbc
Here is an example of the response. Here is an example of the response.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.String", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
"value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""
} }

11
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
View File

@ -22,6 +22,13 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a security recommendation by its ID. Retrieves a security recommendation by its ID.
@ -60,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
``` ```
**Response** **Response**
@ -69,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations/$entity",
"id": "va-_-google-_-chrome", "id": "va-_-google-_-chrome",
"productName": "chrome", "productName": "chrome",
"recommendationName": "Update Chrome", "recommendationName": "Update Chrome",

13
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
View File

@ -20,9 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
``` ```
**Response** **Response**
@ -71,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
"value": [ "value": [
{ {
"id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",

13
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
View File

@ -20,9 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software
``` ```
**Response** **Response**
@ -71,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
"id": "google-_-chrome", "id": "google-_-chrome",
"name": "chrome", "name": "chrome",
"vendor": "google", "vendor": "google",

13
windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
View File

@ -20,9 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
``` ```
**Response** **Response**
@ -71,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [ "value": [
{ {
"id": "CVE-2019-13748", "id": "CVE-2019-13748",

12
windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
View File

@ -20,9 +20,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
``` ```
**Response** **Response**
@ -72,7 +76,7 @@ Here is an example of the response.
``` ```
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
"value": [ "value": [
{ {
"id": "va-_-git-scm-_-git", "id": "va-_-git-scm-_-git",

13
windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
View File

@ -21,9 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
``` ```
**Response** **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
"id": "microsoft-_-edge", "id": "microsoft-_-edge",
"name": "edge", "name": "edge",
"vendor": "microsoft", "vendor": "microsoft",

13
windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
View File

@ -21,9 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
``` ```
**Response** **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
"value": [ "value": [
{ {
"version": "11.0.17134.1039", "version": "11.0.17134.1039",

11
windows/security/threat-protection/microsoft-defender-atp/get-software.md
View File

@ -23,7 +23,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieves the organization software inventory. Retrieves the organization software inventory.
@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software GET https://api.securitycenter.microsoft.com/api/Software
``` ```
**Response** **Response**
@ -71,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software",
"value": [ "value": [
{ {
"id": "microsoft-_-edge", "id": "microsoft-_-edge",

16
windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Retrieves a collection of all active [Indicators](ti-indicator.md). Retrieves a collection of all active [Indicators](ti-indicator.md).
@ -48,11 +52,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators'
## HTTP request ## HTTP request
``` ```
GET https://api.securitycenter.windows.com/api/indicators GET https://api.securitycenter.microsoft.com/api/indicators
``` ```
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Request headers ## Request headers
Name | Type | Description Name | Type | Description
@ -76,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
Here is an example of a request that gets all Indicators Here is an example of a request that gets all Indicators
``` ```
GET https://api.securitycenter.windows.com/api/indicators GET https://api.securitycenter.microsoft.com/api/indicators
``` ```
**Response** **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [ "value": [
{ {
"id": "995", "id": "995",
@ -139,7 +141,7 @@ Content-type: application/json
Here is an example of a request that gets all Indicators with 'AlertAndBlock' action Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
``` ```
GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock' GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
``` ```
**Response** **Response**
@ -150,7 +152,7 @@ Here is an example of the response.
HTTP/1.1 200 Ok HTTP/1.1 200 Ok
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
"value": [ "value": [
{ {
"id": "997", "id": "997",

15
windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
View File

@ -20,8 +20,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Retrieve a User entity by key (user name). Retrieve a User entity by key (user name).
@ -58,10 +63,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/users/user1 GET https://api.securitycenter.microsoft.com/api/users/user1
Content-type: application/json Content-type: application/json
``` ```
@ -74,7 +77,7 @@ Here is an example of the response.
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-type: application/json Content-type: application/json
{ {
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
"id": "user1", "id": "user1",
"firstSeen": "2018-08-02T00:00:00Z", "firstSeen": "2018-08-02T00:00:00Z",
"lastSeen": "2018-08-04T00:00:00Z", "lastSeen": "2018-08-04T00:00:00Z",

10
windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -76,8 +80,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/users/user1/alerts GET https://api.securitycenter.microsoft.com/api/users/user1/alerts
``` ```

10
windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -77,8 +81,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
GET https://api.securitycenter.windows.com/api/users/user1/machines GET https://api.securitycenter.microsoft.com/api/users/user1/machines
``` ```

13
windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
View File

@ -21,9 +21,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities
``` ```
**Response** **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [ "value": [
{ {
"id": "CVE-2017-0140", "id": "CVE-2017-0140",

14
windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
View File

@ -20,8 +20,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
Here is an example of the request. Here is an example of the request.
``` ```
GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608
``` ```
**Response** **Response**
@ -70,7 +76,7 @@ Here is an example of the response.
```json ```json
{ {
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities/$entity",
"id": "CVE-2019-0608", "id": "CVE-2019-0608",
"name": "CVE-2019-0608", "name": "CVE-2019-0608",
"description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",

5
windows/security/threat-protection/microsoft-defender-atp/gov.md
View File

@ -109,7 +109,8 @@ Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com``
## API ## API
Login endpoint: ```https://login.microsoftonline.us``` - Login endpoint: ```https://login.microsoftonline.us```
Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us```
- Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us```

8
windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -79,8 +83,6 @@ If successful, this method returns 201 - Created response code and [Investigatio
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
Content-type: application/json Content-type: application/json

7
windows/security/threat-protection/microsoft-defender-atp/investigation.md
View File

@ -25,7 +25,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Represent an Automated Investigation entity in Defender for Endpoint. Represent an Automated Investigation entity in Defender for Endpoint.
<br> See [Overview of automated investigations](automated-investigations.md) for more information. <br> See [Overview of automated investigations](automated-investigations.md) for more information.

12
windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate | 'Isolate machine'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/isolate POST https://api.securitycenter.microsoft.com/api/machines/{id}/isolate
``` ```
## Request headers ## Request headers
@ -85,10 +89,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```console ```console
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
Content-type: application/json Content-type: application/json
{ {
"Comment": "Isolate machine due to alert 1234", "Comment": "Isolate machine due to alert 1234",

4
windows/security/threat-protection/microsoft-defender-atp/machine.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
## Methods ## Methods

5
windows/security/threat-protection/microsoft-defender-atp/machineaction.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- For more information, see [Response Actions](respond-machine-alerts.md). - For more information, see [Response Actions](respond-machine-alerts.md).
| Method | Return Type | Description | | Method | Return Type | Description |

12
windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -55,7 +59,7 @@ Delegated (work or school account) | Machine.Offboard | 'Offboard machine'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/offboard POST https://api.securitycenter.microsoft.com/api/machines/{id}/offboard
``` ```
## Request headers ## Request headers
@ -82,10 +86,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
Content-type: application/json Content-type: application/json
{ {
"Comment": "Offboard machine by automation" "Comment": "Offboard machine by automation"

12
windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
View File

@ -22,8 +22,14 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified.
@ -56,7 +62,7 @@ You'll need to have access to:
5. Enter the following HTTP fields: 5. Enter the following HTTP fields:
- Method: "GET" as a value to get the list of devices. - Method: "GET" as a value to get the list of devices.
- URI: Enter `https://api.securitycenter.windows.com/api/machines`. - URI: Enter `https://api.securitycenter.microsoft.com/api/machines`.
- Authentication: Select "Active Directory OAuth". - Authentication: Select "Active Directory OAuth".
- Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
- Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\` - Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\`

15
windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
View File

@ -21,9 +21,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -47,12 +51,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/indicators POST https://api.securitycenter.microsoft.com/api/indicators
``` ```
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Request headers ## Request headers
Name | Type | Description Name | Type | Description
@ -88,7 +89,7 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
Here is an example of the request. Here is an example of the request.
``` ```
POST https://api.securitycenter.windows.com/api/indicators POST https://api.securitycenter.microsoft.com/api/indicators
Content-type: application/json Content-type: application/json
{ {
"indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f", "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",

13
windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
View File

@ -22,12 +22,9 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink)
>[!Note] >[!Note]
>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections. >- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
@ -203,7 +200,7 @@ Here is an example return value:
The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API. The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API.
```csharp ```csharp
AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); AuthenticationContext context = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantId));
ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret); ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret);
AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult(); AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult();
``` ```
@ -218,7 +215,7 @@ $appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application secret here $appSecret = '' ### Paste your Application secret here
$resourceAppIdUri = 'https://graph.windows.net' $resourceAppIdUri = 'https://graph.windows.net'
$oAuthUri = "https://login.windows.net/$tenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$authBody = [Ordered] @{ $authBody = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -237,7 +234,7 @@ tenantId='' ### Paste your tenant ID here
appId='' ### Paste your Application ID here appId='' ### Paste your Application ID here
appSecret='' ### Paste your Application secret here appSecret='' ### Paste your Application secret here
resourceAppIdUri='https://graph.windows.net' resourceAppIdUri='https://graph.windows.net'
oAuthUri="https://login.windows.net/$tenantId/oauth2/token" oAuthUri="https://login.microsoftonline.com/$tenantId/oauth2/token"
scriptDir=$(pwd) scriptDir=$(pwd)
apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\ apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\

7
windows/security/threat-protection/microsoft-defender-atp/recommendation.md
View File

@ -23,7 +23,12 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]

10
windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/restrictCodeExecution POST https://api.securitycenter.microsoft.com/api/machines/{id}/restrictCodeExecution
``` ```
## Request headers ## Request headers
@ -79,7 +83,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request. Here is an example of the request.
``` ```
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution
Content-type: application/json Content-type: application/json
{ {
"Comment": "Restrict code execution due to alert 1234" "Comment": "Restrict code execution due to alert 1234"

13
windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
View File

@ -24,7 +24,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Limitations ## Limitations
1. You can only run a query on data from the last 30 days. 1. You can only run a query on data from the last 30 days.
@ -50,7 +54,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/advancedqueries/run POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
``` ```
## Request headers ## Request headers
@ -77,11 +81,8 @@ Request
Here is an example of the request. Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
``` ```
POST https://api.securitycenter.windows.com/api/advancedqueries/run POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
Content-type: application/json Content-type: application/json
{ {
"Query":"DeviceProcessEvents "Query":"DeviceProcessEvents

14
windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
View File

@ -21,9 +21,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md). Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
@ -51,8 +55,8 @@ $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID he
$appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here $appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here
$appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here
$resourceAppIdUri = 'https://api.securitycenter.windows.com' $resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$body = [Ordered] @{ $body = [Ordered] @{
resource = "$resourceAppIdUri" resource = "$resourceAppIdUri"
client_id = "$appId" client_id = "$appId"
@ -75,7 +79,7 @@ Run the following query:
``` ```
$query = 'RegistryEvents | limit 10' # Paste your own query here $query = 'RegistryEvents | limit 10' # Paste your own query here
$url = "https://api.securitycenter.windows.com/api/advancedqueries/run" $url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
$headers = @{ $headers = @{
'Content-Type' = 'application/json' 'Content-Type' = 'application/json'
Accept = 'application/json' Accept = 'application/json'

14
windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
View File

@ -22,9 +22,13 @@ ms.topic: article
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md). Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
@ -46,9 +50,9 @@ tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID her
appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here
appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here
url = "https://login.windows.net/%s/oauth2/token" % (tenantId) url = "https://login.microsoftonline.com/%s/oauth2/token" % (tenantId)
resourceAppIdUri = 'https://api.securitycenter.windows.com' resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
body = { body = {
'resource' : resourceAppIdUri, 'resource' : resourceAppIdUri,
@ -78,7 +82,7 @@ where
``` ```
query = 'RegistryEvents | limit 10' # Paste your own query here query = 'RegistryEvents | limit 10' # Paste your own query here
url = "https://api.securitycenter.windows.com/api/advancedqueries/run" url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
headers = { headers = {
'Content-Type' : 'application/json', 'Content-Type' : 'application/json',
'Accept' : 'application/json', 'Accept' : 'application/json',

10
windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
View File

@ -23,7 +23,11 @@ ms.topic: article
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.Scan | 'Scan machine'
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/runAntiVirusScan POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan
``` ```
## Request headers ## Request headers
@ -87,7 +91,7 @@ If successful, this method returns 201, Created response code and _MachineAction
Here is an example of the request. Here is an example of the request.
``` ```
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan
Content-type: application/json Content-type: application/json
{ {
"Comment": "Check machine for viruses due to alert 3212", "Comment": "Check machine for viruses due to alert 3212",

5
windows/security/threat-protection/microsoft-defender-atp/score.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
## Methods ## Methods

5
windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Set the device value of a specific [Machine](machine.md).<br> Set the device value of a specific [Machine](machine.md).<br>

5
windows/security/threat-protection/microsoft-defender-atp/software.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
## Methods ## Methods

8
windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
View File

@ -25,6 +25,10 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## API description ## API description
Stop execution of a file on a device and delete it. Stop execution of a file on a device and delete it.
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quara
## HTTP request ## HTTP request
``` ```
POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile POST https://api.securitycenter.microsoft.com/api/machines/{id}/StopAndQuarantineFile
``` ```
## Request headers ## Request headers
@ -80,7 +84,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request. Here is an example of the request.
``` ```
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile
Content-type: application/json Content-type: application/json
{ {
"Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442", "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",

5
windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
View File

@ -25,6 +25,11 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
- See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal. - See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
Method|Return Type |Description Method|Return Type |Description

Some files were not shown because too many files have changed in this diff Show More