deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
Daniel Simpson 9efe39d7be fixing URL for eval link
2019-09-20 11:18:00 -07:00

2.8 KiB
Raw Blame History

title, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
title description keywords search.product search.appverid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic
Supported Microsoft Defender Advanced Threat Protection response APIs Learn about the specific response related Microsoft Defender Advanced Threat Protection API calls. response apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file eADQiWindows 10XVcnh met150 w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance conceptual

Supported Microsoft Defender ATP query APIs

Applies to:

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls.

In this section

Topic Description
Collect investigation package Run this to collect an investigation package from a machine.
Isolate machine Run this to isolate a machine from the network.
Unisolate machine Remove a machine from isolation.
Restrict code execution Run this to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
Unrestrict code execution Run this to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated.
Run antivirus scan Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.
Stop and quarantine file Run this call to stop running processes, quarantine files, and delete persistency such as registry keys.
Request sample Run this call to request a sample of a file from a specific machine. The file will be collected from the machine and uploaded to a secure storage.
Block file Run this to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware.
Unblock file Allow a file run in the organization using Windows Defender Antivirus.
Get package SAS URI Run this to get a URI that allows downloading an investigation package.
Get MachineAction object Run this to get MachineAction object.
Get MachineActions collection Run this to get MachineAction collection.
Get FileActions collection Run this to get FileActions collection.
Get FileMachineAction object Run this to get FileMachineAction object.
Get FileMachineActions collection Run this to get FileMachineAction collection.