Merge pull request #24693 from microsoftgraph/main
Merge to publish
jasonjoh authored Jul 5, 2024
2 parents 531c8fb + c7910fd commit b5fdc46
Showing 39 changed files with 789 additions and 811 deletions.
38 changes: 6 additions & 32 deletions api-reference/beta/api/backuprestoreroot-post-serviceapps.md
Expand Up @@ -44,7 +44,7 @@ POST /solutions/backupRestore/serviceApps

## Request body

Do not supply a request body for this method.
In the request body, supply an empty JSON object `{}` for this method.

## Response

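Review bot: The new sentence under "## Request body" tells callers to send an empty JSON object but does not say that the request then needs a `Content-type: application/json` header, which the request example in this same file now sends. Suggest stating the header requirement next to the body instruction, and dropping the redundant "for this method", for example: "In the request body, supply an empty JSON object `{}`."
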
Expand All @@ -55,45 +55,19 @@ If successful, this method returns a `201 Created` response code and a [serviceA
### Request

The following example shows a request.
# [HTTP](#tab/http)

<!-- {
"blockType": "request",
"name": "create_serviceapp"
}
-->
``` http
POST https://graph.microsoft.com/beta/solutions/backupRestore/serviceApps
```

# [C#](#tab/csharp)
[!INCLUDE [sample-code](../includes/snippets/csharp/create-serviceapp-csharp-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

# [CLI](#tab/cli)
[!INCLUDE [sample-code](../includes/snippets/cli/create-serviceapp-cli-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

# [Go](#tab/go)
[!INCLUDE [sample-code](../includes/snippets/go/create-serviceapp-go-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

# [Java](#tab/java)
[!INCLUDE [sample-code](../includes/snippets/java/create-serviceapp-java-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

# [JavaScript](#tab/javascript)
[!INCLUDE [sample-code](../includes/snippets/javascript/create-serviceapp-javascript-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-type: application/json
# [PHP](#tab/php)
[!INCLUDE [sample-code](../includes/snippets/php/create-serviceapp-php-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

# [Python](#tab/python)
[!INCLUDE [sample-code](../includes/snippets/python/create-serviceapp-python-snippets.md)]
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]

---
{
}
```

### Response

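Review bot: In the "### Request" example, the `# [HTTP](#tab/http)` tab and every SDK include (`create-serviceapp-csharp-snippets.md` through the Python one) are removed with no indication of whether they come back. If the snippets are to be regenerated for the new `{}` body, say so in the PR description; otherwise the page loses all of its SDK samples without explanation. The example body is also written as `{` and `}` on separate lines while the prose says `{}`; use one form in both places.
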
25 changes: 13 additions & 12 deletions api-reference/beta/api/security-incident-get.md
Expand Up @@ -130,25 +130,26 @@ Content-type: application/json
"status": "Active",
"severity": "Medium",
"customTags": [
"Demo"
"Demo"
],
"comments": [
{
"comment": "Demo incident",
"createdBy": "DavidS@contoso.com",
"createdTime": "2021-09-30T12:07:37.2756993Z"
}
{
"comment": "Demo incident",
"createdBy": "DavidS@contoso.com",
"createdTime": "2021-09-30T12:07:37.2756993Z"
}
],
"systemTags" : [
"systemTags": [
"Defender Experts"
],
"description" : "Microsoft observed Raspberry Robin worm activityspreading through infected USB on multiple devices in your environment. From available intel, these infections could be a potential precursor activity to ransomware deployment. ...",
"recommendedActions" : "Immediate Recommendations:  1.    Block untrusted and unsigned processes that run from USB (ASR Rule) 2.    Verify if the ASR rule is turned on for the devicesand evaluate whether the ASR . ...",
"recommendedHuntingQueries" : [
"description": "Microsoft observed Raspberry Robin worm activity spreading through infected USB on multiple devices in your environment. From available intel, these infections could be a potential precursor activity to ransomware deployment. ...",
"recommendedActions": "Immediate Recommendations:  1.    Block untrusted and unsigned processes that run from USB (ASR Rule) 2.    Verify if the ASR rule is turned on for the devices and evaluate whether the ASR . ...",
"recommendedHuntingQueries": [
{
"kqlText" : "AlertInfo| where Timestamp >= datetime(2022-10-20 06:00:52.9644915)| where Title == 'Potential Raspberry Robin worm command' | join AlertEvidence on AlertId | distinct DeviceId"
"kqlText": "AlertInfo | where Timestamp >= datetime(2022-10-20 06:00:52.9644915) | where Title == 'Potential Raspberry Robin worm command' | join AlertEvidence on AlertId | distinct DeviceId"
}
],
"lastModifiedBy": "DavidS@contoso.onmicrosoft.com"
"lastModifiedBy": "DavidS@contoso.onmicrosoft.com",
"summary": "Defender Experts has identified some malicious activity. This incident has been raised for your awareness and should be investigated as normal."
}
```
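
Review bot: The `recommendedActions` line has its "devicesand" typo fixed but keeps the irregular runs of spaces ("Immediate Recommendations:  1.    Block ..."), while the same string in security-incident-update.md is single-spaced. Normalize the spacing while the line is being touched so the two examples match. The sample also mixes `DavidS@contoso.com` in `createdBy` with `DavidS@contoso.onmicrosoft.com` in `lastModifiedBy`; using one domain would read more cleanly.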
29 changes: 15 additions & 14 deletions api-reference/beta/api/security-incident-update.md
Expand Up @@ -48,10 +48,10 @@ PATCH /security/incidents/{incidentId}
|:---|:---|:---|
|assignedTo|String|Owner of the incident, or null if no owner is assigned. Free editable text.|
|classification|microsoft.graph.security.alertClassification|The specification for the incident. Possible values are: `unknown`, `falsePositive`, `truePositive`, `informationalExpectedActivity`, `unknownFutureValue`.|
|customTags|String collection|Array of custom tags associated with an incident.|
|determination|microsoft.graph.security.alertDetermination|Specifies the determination of the incident. Possible values are: `unknown`, `apt`, `malware`, `securityPersonnel`, `securityTesting`, `unwantedSoftware`, `other`, `multiStagedAttack`, `compromisedUser`, `phishing`, `maliciousUserActivity`, `notMalicious`, `notEnoughDataToValidate`, `confirmedUserActivity`, `lineOfBusinessApplication`, `unknownFutureValue`.|
|status|microsoft.graph.security.incidentStatus|The status of the incident. Possible values are: `active`, `resolved`, `redirected`, `unknownFutureValue`.|
|customTags|String collection|Array of custom tags associated with an incident.|

|summary|String|The overview of an attack. When applicable, the summary contains details of what occurred, impacted assets, and the type of attack.|

## Response

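Review bot: The new `summary` row is added to the property table under `PATCH /security/incidents/{incidentId}`, but its description ("The overview of an attack ...") reads like a service-generated field rather than something a caller sets. Confirm that `summary` is actually writable through this method; if it is, say what a caller may put there, and if it is not, the row belongs on the resource page rather than in this table.
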
Expand Down Expand Up @@ -144,25 +144,26 @@ Content-Type: application/json
"status": "Active",
"severity": "Medium",
"customTags": [
"Demo"
"Demo"
],
"comments": [
{
"comment": "Demo incident",
"createdBy": "DavidS@contoso.com",
"createdTime": "2021-09-30T12:07:37.2756993Z"
}
{
"comment": "Demo incident",
"createdBy": "DavidS@contoso.com",
"createdTime": "2021-09-30T12:07:37.2756993Z"
}
],
"systemTags" : [
"systemTags": [
"Defender Experts"
],
"description" : "Microsoft observed Raspberry Robin worm activity spreading through infected USB on multiple devices in your environment. From available intel, these infections could be a potential precursor activity to ransomware deployment. ...",
"recommendedActions" : "Immediate Recommendations: 1. Block untrusted and unsigned processes that run from USB (ASR Rule) 2. Verify if the ASR rule is turned on for the devices and evaluate whether the ASR . ...",
"recommendedHuntingQueries" : [
"description": "Microsoft observed Raspberry Robin worm activity spreading through infected USB on multiple devices in your environment. From available intel, these infections could be a potential precursor activity to ransomware deployment. ...",
"recommendedActions": "Immediate Recommendations: 1. Block untrusted and unsigned processes that run from USB (ASR Rule) 2. Verify if the ASR rule is turned on for the devices and evaluate whether the ASR . ...",
"recommendedHuntingQueries": [
{
"kqlText" : "//Run this query to identify the devices having Raspberry Robin worm alerts AlertInfo | where Timestamp >= datetime(2022-10-20 06:00:52.9644915) | where Title == 'Potential Raspberry Robin worm command' | join AlertEvidence on AlertId | distinct DeviceId"
"kqlText": "//Run this query to identify the devices having Raspberry Robin worm alerts AlertInfo | where Timestamp >= datetime(2022-10-20 06:00:52.9644915) | where Title == 'Potential Raspberry Robin worm command' | join AlertEvidence on AlertId | distinct DeviceId"
}
]
],
"summary": "Defender Experts has identified some malicious activity. This incident has been raised for your awareness and should be investigated as normal."
}
```

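Review bot: In `recommendedHuntingQueries`, the `kqlText` value begins with `//Run this query ...` and runs straight into `AlertInfo | where ...` on the same line. A `//` comment in KQL extends to the end of the line, so the value as written is entirely a comment when pasted into a query editor. Since the line is already being reformatted, either separate the comment from the query with `\n` or drop the comment, as the example in security-incident-get.md does.
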