Merged PR 6704: add ioc types to custom ti

add ioc types to custom ti
This commit is contained in:
Joey Caparas 2018-03-28 12:56:20 +00:00
commit efa7ecc62c


@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara ms.author: macapara
author: mjcaparas author: mjcaparas
ms.localizationpriority: high ms.localizationpriority: high
ms.date: 10/16/2017 ms.date: 03/27/2018
--- ---
# Create custom alerts using the threat intelligence (TI) application program interface (API) # Create custom alerts using the threat intelligence (TI) application program interface (API)
@ -184,6 +184,21 @@ Content-Type: application/json;
``` ```
If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload. If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload.
The API currently supports the following IOC types:
- Sha1
- Sha256
- Md5
- FileName
- IpAddress
- DomainName
And the following operators:
- Equals
- StartWith
- EndWith
- Contains
## Bulk upload of alert definitions and IOCs ## Bulk upload of alert definitions and IOCs
Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br> Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br>
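
Review bot: The two lists added after the "201 CREATED" paragraph name the supported IOC types and operators but do not say which properties of the IOC request body take these values, whether the strings are case-sensitive, or whether every operator is valid with every type (for example `Contains` with `Sha1`). Add a sentence tying each list to its field in the payload, and confirm that `StartWith` and `EndWith` are spelled exactly as the API accepts them, since readers will copy them verbatim. The lists also constrain what goes into the request, so they would be easier to find ahead of the request example rather than after the description of the response.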