deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
Joey Caparas 0c8c2d1395 delete topic, add notes
2019-09-09 14:16:39 -07:00

2.3 KiB
Raw Blame History

title, description, keywords, search.product, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
title description keywords search.product ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic
Indicator resource type Indicator entity description. apis, supported apis, get, TiIndicator, Indicator, recent eADQiWindows 10XVcnh w10 deploy library security macapara mjcaparas medium dansimp ITPro M365-security-compliance article

Indicator resource type

Applies to:

Method Return Type Description
List Indicators Indicator Collection List Indicator entities.
Submit Indicator Indicator Submits Indicator entity.
Delete Indicator No Content Deletes Indicator entity.
  • See the corresponding page in the portal.

For more information on creating indicators, see Manage indicators.

Properties

Property Type Description
indicatorValue String Identity of the Indicator entity.
indicatorType Enum Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
title String Indicator alert title.
creationTimeDateTimeUtc DateTimeOffset The date and time when the indicator was created.
createdBy String Identity of the user/application that submitted the indicator.
expirationTime DateTimeOffset The expiration time of the indicator
action Enum The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed"
severity Enum The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High"
description String Description of the indicator.
recommendedActions String Indicator alert recommended actions.
rbacGroupNames List of strings RBAC group names where the indicator is exposed. Empty list in case it exposed to all groups.