mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
54 lines
1.9 KiB
Python
54 lines
1.9 KiB
Python
import json
|
|
import requests
|
|
from pprint import pprint
|
|
|
|
tenant_id="{your tenant ID}"
|
|
client_id="{your client ID}"
|
|
client_secret="{your client secret}"
|
|
|
|
auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id)
|
|
|
|
payload = {"resource": "https://graph.windows.net",
|
|
"client_id": client_id,
|
|
"client_secret": client_secret,
|
|
"grant_type": "client_credentials"}
|
|
|
|
response = requests.post(auth_url, payload)
|
|
token = json.loads(response.text)["access_token"]
|
|
|
|
with requests.Session() as session:
|
|
session.headers = {
|
|
'Authorization': 'Bearer {}'.format(token),
|
|
'Content-Type': 'application/json',
|
|
'Accept': 'application/json'}
|
|
|
|
response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions")
|
|
pprint(json.loads(response.text))
|
|
|
|
alert_definition = {"Name": "The alert's name",
|
|
"Severity": "Low",
|
|
"InternalDescription": "An internal description of the alert",
|
|
"Title": "The Title",
|
|
"UxDescription": "Description of the alerts",
|
|
"RecommendedAction": "The alert's recommended action",
|
|
"Category": "Trojan",
|
|
"Enabled": True}
|
|
|
|
response = session.post(
|
|
"https://ti.securitycenter.windows.com/V1.0/AlertDefinitions",
|
|
json=alert_definition)
|
|
|
|
alert_definition_id = json.loads(response.text)["Id"]
|
|
|
|
ioc = {'Type': "Sha1",
|
|
'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff",
|
|
'DetectionFunction': "Equals",
|
|
'Enabled': True,
|
|
"AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)}
|
|
|
|
response = session.post(
|
|
"https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise",
|
|
json=ioc)
|
|
|
|
pprint(json.loads(response.text))
|