deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
Joey Caparas 225ff4ac86 update flie link
2019-05-15 14:27:29 -07:00

3.8 KiB
Raw Blame History

title, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
title description keywords search.product ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic
Get file related machines API Retrieves a collection of machines related to a given file hash. apis, graph api, supported apis, get, machines, hash eADQiWindows 10XVcnh w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance article

Get file related machines API

Applies to:

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender ATP APIs

Permission type Permission Permission display name
Application Machine.Read.All 'Read all machine profiles'
Application Machine.ReadWrite.All 'Read and write all machine information'
Delegated (work or school account) Machine.Read 'Read machine information'
Delegated (work or school account) Machine.ReadWrite 'Read and write machine information'

Note

When obtaining a token using user credentials:

  • The user needs to have at least the following role permission: 'View Data' (See Create and manage roles for more information)
  • Response will include only machines, that the user have access to, based on machine group settings (See Create and manage machine groups for more information)

HTTP request

GET /api/files/{id}/machines

Request headers

Name Type Description
Authorization String Bearer {token}. Required.

Request body

Empty

Response

If successful and file exists - 200 OK with list of machine entities in the body. If file do not exist - 404 Not Found.

Example

Request

Here is an example of the request.

[!includeImprove request performance]

GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines

Response

Here is an example of the response.

HTTP/1.1 200 OK
Content-type: application/json
{
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
            "computerDnsName": "mymachine1.contoso.com",
            "firstSeen": "2018-08-02T14:55:03.7791856Z",
			"lastSeen": "2018-08-02T14:55:03.7791856Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "172.17.230.209",
            "lastExternalIpAddress": "167.220.196.71",
            "agentVersion": "10.5830.18209.1001",
            "osBuild": 18209,
            "healthStatus": "Active",
            "rbacGroupId": 140,
            "riskScore": "Low",
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
			"machineTags": [ "test tag 1", "test tag 2" ]
        },
        {
            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
            "computerDnsName": "mymachine2.contoso.com",
            "firstSeen": "2018-07-09T13:22:45.1250071Z",
			"lastSeen": "2018-07-09T13:22:45.1250071Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "192.168.12.225",
            "lastExternalIpAddress": "79.183.65.82",
            "agentVersion": "10.5820.17724.1000",
            "osBuild": 17724,
            "healthStatus": "Inactive",
			"rbacGroupId": 140,
            "riskScore": "Low",
            "aadDeviceId": null,
			"machineTags": [ "test tag 1" ]
        }
    ]
}