windows-itpro-docs/windows/security/threat-protection/windows-defender-atp/TOC.md
Joey Caparas d285d1dc35 from master
2018-07-25 14:17:55 -07:00


Windows Defender Security Center

## Get started

Minimum requirements

Validate licensing and complete setup

Troubleshoot subscription and portal access issues

Preview features

Data storage and privacy

Assign user access to the portal

Onboard machines

Onboard previous versions of Windows

Onboard Windows 10 machines

Onboard machines using Group Policy

Onboard machines using System Center Configuration Manager

Onboard machines using Mobile Device Management tools

Onboard machines using Microsoft Intune

Onboard machines using a local script

Onboard non-persistent virtual desktop infrastructure (VDI) machines

Onboard servers

Onboard non-Windows machines

Run a detection test on a newly onboarded machine

Run simulated attacks on machines

Configure proxy and Internet connectivity settings

Troubleshoot onboarding issues

Understand the portal

Portal overview

View the Security operations dashboard

View the Secure Score dashboard and improve your secure score

## Investigate and remediate threats

### Alerts queue

View and organize the Alerts queue

Manage alerts

Investigate alerts

Investigate files

Investigate machines

Investigate an IP address

Investigate a domain

Investigate a user account

### Machines list

View and organize the Machines list

Manage machine group and tags

Machine timeline

Search for specific events
Filter events from a specific date
Export machine timeline events
Navigate between pages

Take response actions

Take response actions on a machine

Collect investigation package
Run antivirus scan
Restrict app execution
Remove app restriction
Isolate machines from the network
Release machine from isolation
Check activity details in Action center

Take response actions on a file

Stop and quarantine files in your network
Remove file from quarantine
Block files in your network
Remove file from blocked list
Check activity details in Action center
Deep analysis
Submit files for analysis
View deep analysis reports
Troubleshoot deep analysis

Query data using Advanced hunting

Advanced hunting reference

Advanced hunting query language best practices

Use Automated investigation to investigate and remediate threats

Protect data with conditional access

## API and SIEM support

Pull alerts to your SIEM tools

Enable SIEM integration

Configure Splunk to pull alerts

Configure HP ArcSight to pull alerts

Windows Defender ATP alert API fields

Pull alerts using REST API

Troubleshoot SIEM tool integration issues

Use the threat intelligence API to create custom alerts

Understand threat intelligence concepts

Enable the custom threat intelligence application

Create custom threat intelligence alerts

PowerShell code examples

Python code examples

Experiment with custom threat intelligence alerts

Troubleshoot custom threat intelligence issues

Use the Windows Defender ATP exposed APIs

Supported Windows Defender ATP APIs

##### Actor

Get actor information

##### Alerts

Get alerts
Get alert information by ID

##### Domain

Get domain statistics
Is domain seen in organization

##### File

Block file
Get file information
Get file statistics
Get FileActions collection
Unblock file

##### IP

Get IP statistics
Is IP seen in organization

##### Machines

Collect investigation package
Find machine information by IP
Get machines
Get FileMachineAction object
Get FileMachineActions collection
Get machine by ID
Get machine log on users
Get MachineAction object
Get MachineActions collection
Get package SAS URI
Isolate machine
Release machine from isolation
Remove app restriction
Request sample
Restrict app execution
Run antivirus scan
Stop and quarantine file

##### User

Get user information

## Reporting

Create and build Power BI reports using Windows Defender ATP data

## Check service health and sensor state

Check sensor state

Fix unhealthy sensors

Inactive machines

Misconfigured machines

Check service health

Configure Windows Defender Security Center settings

### General

Update data retention settings

Configure alert notifications

Enable and create Power BI reports using Windows Defender ATP data

Enable Secure score security controls

Configure advanced features

### Permissions

Manage portal access using RBAC

Create and manage machine groups

### APIs

Enable Threat intel

Enable SIEM integration

### Rules

Manage suppression rules

Manage automation allowed/blocked

Manage automation file uploads

Manage automation folder exclusions

### Machine management

Onboarding machines

Offboarding machines

Configure Windows Defender Security Center zone settings

Access the Windows Defender ATP Community Center

Troubleshoot Windows Defender ATP service issues

Review events and errors on machines with Event Viewer