mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-10 19:47:22 +00:00
title | description | keywords | search.product | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | author | localizationpriority |
---|---|---|---|---|---|---|---|---|---|
Python code examples for the custom threat intelligence API | Use Python code to create custom threat intelligence using REST API. | python, code examples, threat intelligence, custom threat intelligence, rest api, api | eADQiWindows 10XVcnh | w10 | deploy | library | security | mjcaparas | high |
# Python code examples for the custom threat intelligence API
Applies to:
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
## Before you begin
You must install the "requests" Python library.
These code examples demonstrate the following tasks:
- Obtain an Azure AD access token
- Create request session object
- Create calls to the custom threat intelligence API
- Create a new alert definition
- Create a new indicator of compromise
## Step 1: Obtain an Azure AD access token
Replace the tenant_id, client_id, and client_secret values with the ones you got from the Preferences settings page in the portal:
[!codeCustomTIAPI]
## Step 2: Create request session object
Add HTTP headers to the session object, including the Authorization header with the token that was obtained.
[!codeCustomTIAPI]
## Step 3: Create calls to the custom threat intelligence API
After adding HTTP headers to the session object, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities:
[!codeCustomTIAPI]
The response is empty on initial use of the API.
## Step 4: Create a new alert definition
The following example demonstrates how to create a new alert definition.
[!codeCustomTIAPI]
## Step 5: Create a new indicator of compromise
You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise.
[!codeCustomTIAPI]
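Steps 1 and 2 as an added example, not the code that the page's includes reference: it reads tenant_id, client_id, and client_secret from the environment instead of the script body, and it fails with the service's error code when no token comes back. The environment variable names and the `resource` argument are assumptions made here; the token URL is the Azure AD v1 client-credentials endpoint.

```python
import os

# Azure AD v1 token endpoint for the OAuth2 client-credentials grant.
TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/token"
# Assumed variable names: the secret stays in the environment, not in the script.
ENV_KEYS = {"tenant_id": "CUSTOMTI_TENANT_ID",
            "client_id": "CUSTOMTI_CLIENT_ID",
            "client_secret": "CUSTOMTI_CLIENT_SECRET"}


def load_credentials(env=os.environ):
    """Read the three portal values; fail before any network call if one is unset."""
    missing = [var for var in ENV_KEYS.values() if not env.get(var)]
    if missing:
        raise RuntimeError("unset: " + ", ".join(sorted(missing)))
    return {key: env[var] for key, var in ENV_KEYS.items()}


def token_request(creds, resource):
    """Return (url, form fields) for the token POST (Step 1)."""
    form = {"grant_type": "client_credentials",
            "client_id": creds["client_id"],
            "client_secret": creds["client_secret"],
            "resource": resource}
    return TOKEN_URL.format(tenant_id=creds["tenant_id"]), form


def extract_token(body):
    """Pull the access token out of the decoded JSON reply, or raise."""
    if "access_token" not in body:
        # Azure AD reports failures as error / error_description fields.
        raise RuntimeError("token request failed: %s" % body.get("error", "unknown"))
    return body["access_token"]


def auth_headers(token):
    """Headers for the session object (Step 2)."""
    return {"Authorization": "Bearer " + token,
            "Content-Type": "application/json",
            "Accept": "application/json"}


def open_session(resource):
    """Steps 1 and 2 against the live service; resource is the API's resource URI."""
    import requests  # third-party; imported here so the helpers above load without it
    url, form = token_request(load_credentials(), resource)
    reply = requests.post(url, data=form, timeout=30)
    session = requests.Session()
    session.headers.update(auth_headers(extract_token(reply.json())))
    return session
```

The session returned by `open_session` carries the Authorization header, so the calls in Steps 3 to 5 can be made on it directly.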
## Complete code
You can use the complete code to create calls to the API.
[!codeCustomTIAPI]