deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-20 17:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add new topic and image

Browse Source
This commit is contained in:
Joey Caparas 2017-08-01 13:44:12 -07:00
parent 503992ca27
commit f20adcc0be
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/threat-protection/windows-defender-atp/images/atp-add-application.png.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

46
windows/threat-protection/windows-defender-atp/manage-alerts-api-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,46 @@
---
title: Manage Windows Defender ATP alerts using APIs
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
---
# Manage Windows Defender ATP alerts using the application program interface (APIs)
**Applies to:**
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Windows Defender ATP supports the OAuth 2.0 protocol. Using the OAuth 2.0 Authentication flow, you can use programmatic APIs to take response actions and leverage the rich host-based collected information to enrich signals from other sources through the Microsoft Security Graph. For more information, see OAuth 2.0 Authorization Code Flow.
In general, youll need to take the following steps to use the APIs:
- Create an app
- Fetch a token
- Run queries on the graph API
### Before you begin
Before using the APIs, youll need to create an app that youll use to authenticate against the graph. Youll need to create a native app to use for the adhoc queries.
**Create an app**<br>
1. Log on to [Azure](https://manage.windowsazure.com).
2. Navigate to **Active Directory**.
3. Select the tenant you want to register this app in - you can have several tenants. You are advised to have at least one separate development or test tenant in addition to a production tenant.
4. Go to the **Applications** tab and click **Add**.
5. Select **Add an application my organization is developing**.
![Image of Add an application my organization is developing](images/atp-add-application.png)