mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-10 19:47:22 +00:00
title | description | keywords | search.product | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create alert from event API | Creates an alert using event details | apis, graph api, supported apis, get, alert, information, id | eADQiWindows 10XVcnh | w10 | deploy | library | security | macapara | mjcaparas | medium | dansimp | ITPro | M365-security-compliance | article |
Create alert from event API
Applies to: Microsoft Defender ATP
Creates a new alert entity from event data obtained through Advanced Hunting.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender ATP APIs.
Permission type | Permission | Permission display name |
---|---|---|
Application | Alerts.ReadWrite.All | 'Read and write all alerts' |
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' |
Note
When obtaining a token using user credentials:
- The user needs to have at least the following role permission: 'Alerts investigation' (See Create and manage roles for more information)
- The user needs to have access to the machine associated with the alert, based on machine group settings (See Create and manage machine groups for more information)
HTTP request
POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
Request headers
Name | Type | Description |
---|---|---|
Authorization | String | Bearer {token}. Required. |
Content-Type | String | application/json. Required. |
Request body
In the request body, supply the following values (all are required):
Property | Type | Description |
---|---|---|
machineId | String | Id of the machine on which the event was identified. Required. |
severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. Required. |
title | String | Title for the alert. Required. |
description | String | Description of the alert. Required. |
recommendedAction | String | Action recommended for the security officer who analyzes the alert. Required. |
eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. Required. |
reportId | String | The reportId, as obtained from the advanced query. Required. |
category | String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'. |
Response
If successful, this method returns 200 OK and a new alert object in the response body. If no event with the specified properties (reportId, eventTime and machineId) is found, it returns 404 Not Found.
Example
Request
Here is an example of the request.
```http
POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
Authorization: Bearer {token}
Content-Type: application/json

{
  "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
  "severity": "Low",
  "title": "test alert",
  "description": "test alert",
  "recommendedAction": "test alert",
  "eventTime": "2018-08-03T16:45:21.7115183Z",
  "reportId": "20776",
  "category": "None"
}
```
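The following is an added example, not Microsoft's own client code: it validates a request body against the property table above before building the POST, and maps the documented response codes (200, 404, and the 400 "argument is missing" error) to outcomes. The bearer token is a placeholder, and the eventTime regex is an assumption about the timestamp shape Advanced Hunting returns.

```python
import json
import re
import urllib.request

ENDPOINT = "https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference"
SEVERITIES = {"Low", "Medium", "High"}
CATEGORIES = {  # allowed category values, as listed in the request body table
    "None", "SuspiciousActivity", "Malware", "CredentialTheft", "Exploit", "WebExploit",
    "DocumentExploit", "PrivilegeEscalation", "Persistence", "RemoteAccessTool",
    "CommandAndControl", "SuspiciousNetworkTraffic", "Ransomware", "MalwareDownload",
    "Reconnaissance", "WebFingerprinting", "Weaponization", "Delivery", "SocialEngineering",
    "CredentialStealing", "Installation", "Backdoor", "Trojan", "TrojanDownloader",
    "LateralMovement", "ExplorationEnumeration", "NetworkPropagation", "Exfiltration",
    "NotApplicable", "EnterprisePolicy", "General",
}
REQUIRED = ("machineId", "severity", "title", "description",
            "recommendedAction", "eventTime", "reportId", "category")
# Assumed shape of the UTC timestamp returned by Advanced Hunting (not stated on the page)
EVENT_TIME = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")

# Constructed sample body, mirroring the page's example request
SAMPLE_BODY = {
    "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
    "severity": "Low",
    "title": "test alert",
    "description": "test alert",
    "recommendedAction": "test alert",
    "eventTime": "2018-08-03T16:45:21.7115183Z",
    "reportId": "20776",
    "category": "None",
}

def validate_alert_body(body):
    """Return the problems found in a request body; an empty list means it is acceptable."""
    problems = [f"{k} argument is missing" for k in REQUIRED if not body.get(k)]
    if body.get("severity") and body["severity"] not in SEVERITIES:
        problems.append("severity must be one of Low, Medium, High")
    if body.get("category") and body["category"] not in CATEGORIES:
        problems.append(f"unknown category {body['category']!r}")
    if body.get("eventTime") and not EVENT_TIME.match(body["eventTime"]):
        problems.append("eventTime must be an ISO 8601 UTC timestamp ending in Z")
    return problems

def build_request(body, token):
    """Build the documented POST; a bad body is rejected before any network call is made."""
    problems = validate_alert_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        ENDPOINT, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )

def interpret_response(status, payload):
    """Map the documented status codes to an outcome; 400 carries the API's own error message."""
    if status == 200:
        return "created", json.loads(payload).get("id")
    if status == 404:
        return "event_not_found", None  # no event matched reportId + eventTime + machineId
    if status == 400:
        return "bad_request", json.loads(payload)["error"]["message"]
    return "unexpected", None
```

Sending the request is left to the caller (for example `urllib.request.urlopen(build_request(SAMPLE_BODY, token))`), so the validation and response handling can be exercised offline.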