BEST Antivirus KBS : Largest Anti-Malware Knowledge Base and Support

Indicator resource type (Microsoft)

  • December 25, 2021
  • BEST Antivirus Staff 2
  • Microsoft / Microsoft Business / Microsoft Home

Contents

  1. Properties
  2. Indicator Types
  3. Json representation

Note

If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

Tip

For better performance, you can use the server closest to your geographic location:

  • api-us.securitycenter.microsoft.com
  • api-eu.securitycenter.microsoft.com
  • api-uk.securitycenter.microsoft.com

See the corresponding Indicators page in the portal.

| Method | Return Type | Description |
|---|---|---|
| List Indicators | Indicator Collection | List Indicator entities. |
| Submit Indicator | Indicator | Submit or update Indicator entity. |
| Import Indicators | Indicator Collection | Submit or update Indicators entities. |
| Delete Indicator | No Content | Deletes Indicator entity. |

Properties

| Property | Type | Description |
|---|---|---|
| id | String | Identity of the Indicator entity. |
| indicatorValue | String | The value of the Indicator. |
| indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "FileMd5", "CertificateThumbprint", "IpAddress", "DomainName" and "Url". |
| application | String | The application associated with the indicator. |
| action | Enum | The action that is taken if the indicator is discovered in the organization. Possible values are: "Warn", "Block", "Audit", "Alert", "AlertAndBlock", "BlockAndRemediate" and "Allowed". |
| externalID | String | ID the customer can submit in the request for custom correlation. |
| sourceType | Enum | "User" if the Indicator was created by a user (for example, from the portal), "AadApp" if it was submitted by an automated application via the API. |
| createdBySource | String | The name of the user/application that submitted the indicator. |
| createdBy | String | Unique identity of the user/application that submitted the indicator. |
| lastUpdatedBy | String | Identity of the user/application that last updated the indicator. |
| creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created. |
| expirationTime | DateTimeOffset | The expiration time of the indicator. |
| lastUpdateTime | DateTimeOffset | The last time the indicator was updated. |
| severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". |
| title | String | Indicator title. |
| description | String | Description of the indicator. |
| recommendedActions | String | Recommended actions for the indicator. |
| rbacGroupNames | List of strings | RBAC device group names where the indicator is exposed and active. Empty list if it is exposed to all devices. |
| rbacGroupIds | List of strings | RBAC device group IDs where the indicator is exposed and active. Empty list if it is exposed to all devices. |
| generateAlert | Enum | True if alert generation is required, False if this indicator should not generate an alert. |

Indicator Types

The indicator action types supported by the API are:

  • Allowed
  • Audit
  • Block
  • BlockAndRemediate
  • Warn (Defender for Cloud Apps only)

For more information on the description of the response action types, see Create indicators.

Note

The prior response actions (AlertAndBlock and Alert) will be supported until January 2022. After this date, all customers must use one of the action types listed above.

Json representation

{
    "id": "994",
    "indicatorValue": "881c0f10c75e64ec39d257a131fcd531f47dd2cff2070ae94baa347d375126fd",
    "indicatorType": "FileSha256",
    "action": "AlertAndBlock",
    "application": null,
    "source": "[email protected]",
    "sourceType": "User",
    "createdBy": "[email protected]",
    "severity": "Informational",
    "title": "Michael test",
    "description": "test",
    "recommendedActions": "nothing",
    "creationTimeDateTimeUtc": "2019-12-19T09:09:46.9139216Z",
    "expirationTime": null,
    "lastUpdateTime": "2019-12-19T09:09:47.3358111Z",
    "lastUpdatedBy": null,
    "rbacGroupNames": ["team1"]
}
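
The sample record above still carries the prior action "AlertAndBlock". The following is an added example, not Microsoft's code or part of the original page: a small pre-submission check that validates an Indicator record against the enum values documented here and flags prior actions. The helper name `lint_indicator` is hypothetical, and the hash-length and IP-address format checks are assumptions based on the algorithms themselves, not rules stated by the API.

```python
import ipaddress
import re

# Enum values copied from the property table and action list on this page.
INDICATOR_TYPES = {"FileSha1", "FileSha256", "FileMd5", "CertificateThumbprint",
                   "IpAddress", "DomainName", "Url"}
SUPPORTED_ACTIONS = {"Allowed", "Audit", "Block", "BlockAndRemediate", "Warn"}
LEGACY_ACTIONS = {"Alert", "AlertAndBlock"}  # prior actions, until January 2022
SEVERITIES = {"Informational", "Low", "Medium", "High"}
# Hex digest lengths of the hash algorithms themselves (not taken from the API).
HASH_HEX_LEN = {"FileMd5": 32, "FileSha1": 40, "FileSha256": 64}

# Trimmed copy of the page's sample record (only the fields checked here).
SAMPLE = {
    "indicatorValue": "881c0f10c75e64ec39d257a131fcd531f47dd2cff2070ae94baa347d375126fd",
    "indicatorType": "FileSha256",
    "action": "AlertAndBlock",
    "severity": "Informational",
    "rbacGroupNames": ["team1"],
}


def lint_indicator(ind):
    """Hypothetical helper: return (level, message) findings for one Indicator."""
    findings = []
    itype, value = ind.get("indicatorType"), ind.get("indicatorValue") or ""
    action, severity = ind.get("action"), ind.get("severity")
    if itype not in INDICATOR_TYPES:
        findings.append(("error", f"unknown indicatorType {itype!r}"))
    elif itype in HASH_HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[itype], value):
            findings.append(("error", f"indicatorValue is not a {itype} hex digest"))
    elif itype == "IpAddress":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            findings.append(("error", "indicatorValue is not an IP address"))
    elif not value:
        findings.append(("error", "indicatorValue is empty"))
    if action in LEGACY_ACTIONS:
        findings.append(("warning", f"action {action!r} is a prior response action"))
    elif action not in SUPPORTED_ACTIONS:
        findings.append(("error", f"unknown action {action!r}"))
    if severity is not None and severity not in SEVERITIES:
        findings.append(("error", f"unknown severity {severity!r}"))
    if not ind.get("rbacGroupNames"):
        findings.append(("info", "no RBAC groups listed: exposed to all devices"))
    return findings
```

Running `lint_indicator(SAMPLE)` yields a single warning for the prior action; an empty `rbacGroupNames` list adds an informational finding because the indicator then applies to all devices.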

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
