From f69885646f8a39cb83948ce6bc5d72427bac7ce1 Mon Sep 17 00:00:00 2001 From: David Laufer Date: Thu, 26 Jul 2018 17:41:20 +0300 Subject: [PATCH] Add page for supported APIs --- .../windows-defender-atp/TOC.md | 4 +- ...defender-advanced-threat-protection-new.md | 5 +++ ...defender-advanced-threat-protection-new.md | 44 +++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection-new.md diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 847153e0ba..10b1f2f16b 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -97,8 +97,8 @@ #### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) #### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -### [Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md) -#### Supported Windows Defender ATP APIs +### [**Beta!** Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md) +#### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection-new.md) ##### [Advanced Hunting](run-advanced-query-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md index 939a5c4859..21ca382b0b 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection-new.md @@ -97,3 +97,8 @@ Before using the APIs, you’ll need to create an app that you’ll use to authe Click **Properties** > **Yes** > **Save**. ![Image of multi tenant](images/webapp-edit-multitenant.png) + + + +## Related topics +- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection-new.md) diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection-new.md new file mode 100644 index 0000000000..0fd84c4e64 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection-new.md @@ -0,0 +1,44 @@ +--- +title: Supported Windows Defender Advanced Threat Protection query APIs +description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. +keywords: apis, supported apis, actor, alerts, machine, user, domain, ip, file, advanced queries, advanced hunting +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 04/24/2018 +--- + +# Supported Windows Defender ATP query APIs + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) + +Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. + +## In this section +Topic | Description +:---|:--- +Advanced Hunting | Run queries from API. +Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information. +Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization. +File | Run API calls such as get file information, file related alerts, file related machines, and file statistics. +IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. +Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. +User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. + +## Related topic +- [Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md)