Espacio de nombres: microsoft.graph
Importante
Las API de la versión /beta de Microsoft Graph están sujetas a cambios. No se admite el uso de estas API en aplicaciones de producción. Para determinar si una API está disponible en la versión 1.0, use el selector de Versión.
Cargue varios indicadores de inteligencia sobre amenazas (TI) en una solicitud en lugar de varias solicitudes.
Esta API está disponible en las siguientes implementaciones nacionales de nube.
| Servicio global |
Gobierno de EE. UU. L4 |
Us Government L5 (DOD) |
China operada por 21Vianet |
| ✅ |
❌ |
❌ |
❌ |
Permissions
Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.
| Tipo de permiso |
Permisos con privilegios mínimos |
Permisos con privilegios más altos |
| Delegado (cuenta profesional o educativa) |
ThreatIndicators.ReadWrite.OwnedBy |
No disponible. |
| Delegado (cuenta personal de Microsoft) |
No admitida. |
No admitida. |
| Aplicación |
ThreatIndicators.ReadWrite.OwnedBy |
No disponible. |
Solicitud HTTP
POST /security/tiIndicators/submitTiIndicators
Cuerpo de la solicitud
En el cuerpo de la solicitud, proporcione un objeto JSON con los siguientes parámetros.
| Parámetro |
Tipo |
Descripción |
| value |
colección tiIndicator |
Colección JSON de tiIndicators que se van a crear. |
Para cada tiIndicator, proporcione una representación JSON de un objeto tiIndicator que contenga al menos un correo electrónico, archivo o red observable, y los siguientes campos obligatorios: action, description, expirationDateTime, targetProduct, threatType, tlpLevel.
Respuesta
Si se ejecuta correctamente, este método devuelve un 200 OK código de respuesta y una colección de objetos tiIndicator en el cuerpo de la respuesta. Si se produce un error, este método devuelve un código de 206 Partial Content respuesta. Consulte Errores para obtener más información.
Ejemplos
En el siguiente ejemplo se muestra cómo llamar a esta API.
Solicitud
En el ejemplo siguiente se muestra la solicitud.
POST https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators
Content-Type: application/json
{
"value": [
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
"externalId": "Test--8586509942423126760MS164-0",
"fileHashType": "sha256",
"fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
},
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
"externalId": "Test--8586509942423126760MS164-1",
"fileHashType": "sha256",
"fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Security.TiIndicators.SubmitTiIndicators;
using Microsoft.Graph.Beta.Models;
var requestBody = new SubmitTiIndicatorsPostRequestBody
{
Value = new List<TiIndicator>
{
new TiIndicator
{
ActivityGroupNames = new List<string>
{
},
Confidence = 0,
Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
ExternalId = "Test--8586509942423126760MS164-0",
FileHashType = FileHashType.Sha256,
FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
KillChain = new List<string>
{
},
MalwareFamilyNames = new List<string>
{
},
Severity = 0,
Tags = new List<string>
{
},
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = TlpLevel.Green,
},
new TiIndicator
{
ActivityGroupNames = new List<string>
{
},
Confidence = 0,
Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
ExternalId = "Test--8586509942423126760MS164-1",
FileHashType = FileHashType.Sha256,
FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
KillChain = new List<string>
{
},
MalwareFamilyNames = new List<string>
{
},
Severity = 0,
Tags = new List<string>
{
},
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = TlpLevel.Green,
},
},
};
// To initialize your graphClient, see https://v4.hkg1.meaqua.org/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.TiIndicators.SubmitTiIndicators.PostAsSubmitTiIndicatorsPostResponseAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphsecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/security"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphsecurity.NewSubmitTiIndicatorsPostRequestBody()
tiIndicator := graphmodels.NewTiIndicator()
activityGroupNames := []string {
}
tiIndicator.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator.SetConfidence(&confidence)
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator.SetDescription(&description)
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1668987+00:00")
tiIndicator.SetExpirationDateTime(&expirationDateTime)
externalId := "Test--8586509942423126760MS164-0"
tiIndicator.SetExternalId(&externalId)
fileHashType := graphmodels.SHA256_FILEHASHTYPE
tiIndicator.SetFileHashType(&fileHashType)
fileHashValue := "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
tiIndicator.SetFileHashValue(&fileHashValue)
killChain := []string {
}
tiIndicator.SetKillChain(killChain)
malwareFamilyNames := []string {
}
tiIndicator.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator.SetSeverity(&severity)
tags := []string {
}
tiIndicator.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator.SetTargetProduct(&targetProduct)
threatType := "WatchList"
tiIndicator.SetThreatType(&threatType)
tlpLevel := graphmodels.GREEN_TLPLEVEL
tiIndicator.SetTlpLevel(&tlpLevel)
tiIndicator1 := graphmodels.NewTiIndicator()
activityGroupNames := []string {
}
tiIndicator1.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator1.SetConfidence(&confidence)
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator1.SetDescription(&description)
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1748779+00:00")
tiIndicator1.SetExpirationDateTime(&expirationDateTime)
externalId := "Test--8586509942423126760MS164-1"
tiIndicator1.SetExternalId(&externalId)
fileHashType := graphmodels.SHA256_FILEHASHTYPE
tiIndicator1.SetFileHashType(&fileHashType)
fileHashValue := "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
tiIndicator1.SetFileHashValue(&fileHashValue)
killChain := []string {
}
tiIndicator1.SetKillChain(killChain)
malwareFamilyNames := []string {
}
tiIndicator1.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator1.SetSeverity(&severity)
tags := []string {
}
tiIndicator1.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator1.SetTargetProduct(&targetProduct)
threatType := "WatchList"
tiIndicator1.SetThreatType(&threatType)
tlpLevel := graphmodels.GREEN_TLPLEVEL
tiIndicator1.SetTlpLevel(&tlpLevel)
value := []graphmodels.TiIndicatorable {
tiIndicator,
tiIndicator1,
}
requestBody.SetValue(value)
// To initialize your graphClient, see https://v4.hkg1.meaqua.org/en-us/graph/sdks/create-client?from=snippets&tabs=go
submitTiIndicators, err := graphClient.Security().TiIndicators().SubmitTiIndicators().PostAsSubmitTiIndicatorsPostResponse(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody submitTiIndicatorsPostRequestBody = new com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody();
LinkedList<TiIndicator> value = new LinkedList<TiIndicator>();
TiIndicator tiIndicator = new TiIndicator();
LinkedList<String> activityGroupNames = new LinkedList<String>();
tiIndicator.setActivityGroupNames(activityGroupNames);
tiIndicator.setConfidence(0);
tiIndicator.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime = OffsetDateTime.parse("2019-03-01T21:44:03.1668987+00:00");
tiIndicator.setExpirationDateTime(expirationDateTime);
tiIndicator.setExternalId("Test--8586509942423126760MS164-0");
tiIndicator.setFileHashType(FileHashType.Sha256);
tiIndicator.setFileHashValue("b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6");
LinkedList<String> killChain = new LinkedList<String>();
tiIndicator.setKillChain(killChain);
LinkedList<String> malwareFamilyNames = new LinkedList<String>();
tiIndicator.setMalwareFamilyNames(malwareFamilyNames);
tiIndicator.setSeverity(0);
LinkedList<String> tags = new LinkedList<String>();
tiIndicator.setTags(tags);
tiIndicator.setTargetProduct("Azure Sentinel");
tiIndicator.setThreatType("WatchList");
tiIndicator.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator);
TiIndicator tiIndicator1 = new TiIndicator();
LinkedList<String> activityGroupNames1 = new LinkedList<String>();
tiIndicator1.setActivityGroupNames(activityGroupNames1);
tiIndicator1.setConfidence(0);
tiIndicator1.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime1 = OffsetDateTime.parse("2019-03-01T21:44:03.1748779+00:00");
tiIndicator1.setExpirationDateTime(expirationDateTime1);
tiIndicator1.setExternalId("Test--8586509942423126760MS164-1");
tiIndicator1.setFileHashType(FileHashType.Sha256);
tiIndicator1.setFileHashValue("1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b");
LinkedList<String> killChain1 = new LinkedList<String>();
tiIndicator1.setKillChain(killChain1);
LinkedList<String> malwareFamilyNames1 = new LinkedList<String>();
tiIndicator1.setMalwareFamilyNames(malwareFamilyNames1);
tiIndicator1.setSeverity(0);
LinkedList<String> tags1 = new LinkedList<String>();
tiIndicator1.setTags(tags1);
tiIndicator1.setTargetProduct("Azure Sentinel");
tiIndicator1.setThreatType("WatchList");
tiIndicator1.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator1);
submitTiIndicatorsPostRequestBody.setValue(value);
var result = graphClient.security().tiIndicators().submitTiIndicators().post(submitTiIndicatorsPostRequestBody);
const options = {
authProvider,
};
const client = Client.init(options);
const tiIndicator = {
value: [
{
activityGroupNames: [],
confidence: 0,
description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
expirationDateTime: '2019-03-01T21:44:03.1668987+00:00',
externalId: 'Test--8586509942423126760MS164-0',
fileHashType: 'sha256',
fileHashValue: 'b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6',
killChain: [],
malwareFamilyNames: [],
severity: 0,
tags: [],
targetProduct: 'Azure Sentinel',
threatType: 'WatchList',
tlpLevel: 'green',
},
{
activityGroupNames: [],
confidence: 0,
description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
expirationDateTime: '2019-03-01T21:44:03.1748779+00:00',
externalId: 'Test--8586509942423126760MS164-1',
fileHashType: 'sha256',
fileHashValue: '1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b',
killChain: [],
malwareFamilyNames: [],
severity: 0,
tags: [],
targetProduct: 'Azure Sentinel',
threatType: 'WatchList',
tlpLevel: 'green',
}
]
};
await client.api('/security/tiIndicators/submitTiIndicators')
.version('beta')
.post(tiIndicator);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Security\TiIndicators\SubmitTiIndicators\SubmitTiIndicatorsPostRequestBody;
use Microsoft\Graph\Beta\Generated\Models\TiIndicator;
use Microsoft\Graph\Beta\Generated\Models\FileHashType;
use Microsoft\Graph\Beta\Generated\Models\TlpLevel;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new SubmitTiIndicatorsPostRequestBody();
$valueTiIndicator1 = new TiIndicator();
$valueTiIndicator1->setActivityGroupNames([ ]);
$valueTiIndicator1->setConfidence(0);
$valueTiIndicator1->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator1->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1668987+00:00'));
$valueTiIndicator1->setExternalId('Test--8586509942423126760MS164-0');
$valueTiIndicator1->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator1->setFileHashValue('b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6');
$valueTiIndicator1->setKillChain([ ]);
$valueTiIndicator1->setMalwareFamilyNames([ ]);
$valueTiIndicator1->setSeverity(0);
$valueTiIndicator1->setTags([ ]);
$valueTiIndicator1->setTargetProduct('Azure Sentinel');
$valueTiIndicator1->setThreatType('WatchList');
$valueTiIndicator1->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator1;
$valueTiIndicator2 = new TiIndicator();
$valueTiIndicator2->setActivityGroupNames([ ]);
$valueTiIndicator2->setConfidence(0);
$valueTiIndicator2->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator2->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1748779+00:00'));
$valueTiIndicator2->setExternalId('Test--8586509942423126760MS164-1');
$valueTiIndicator2->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator2->setFileHashValue('1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b');
$valueTiIndicator2->setKillChain([ ]);
$valueTiIndicator2->setMalwareFamilyNames([ ]);
$valueTiIndicator2->setSeverity(0);
$valueTiIndicator2->setTags([ ]);
$valueTiIndicator2->setTargetProduct('Azure Sentinel');
$valueTiIndicator2->setThreatType('WatchList');
$valueTiIndicator2->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator2;
$requestBody->setValue($valueArray);
$result = $graphServiceClient->security()->tiIndicators()->submitTiIndicators()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Security
$params = @{
value = @(
@{
activityGroupNames = @(
)
confidence = 0
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1668987+00:00")
externalId = "Test--8586509942423126760MS164-0"
fileHashType = "sha256"
fileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
killChain = @(
)
malwareFamilyNames = @(
)
severity = 0
tags = @(
)
targetProduct = "Azure Sentinel"
threatType = "WatchList"
tlpLevel = "green"
}
@{
activityGroupNames = @(
)
confidence = 0
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1748779+00:00")
externalId = "Test--8586509942423126760MS164-1"
fileHashType = "sha256"
fileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
killChain = @(
)
malwareFamilyNames = @(
)
severity = 0
tags = @(
)
targetProduct = "Azure Sentinel"
threatType = "WatchList"
tlpLevel = "green"
}
)
}
Submit-MgBetaSecurityTiIndicator -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.security.tiindicators.submit_ti_indicators.submit_ti_indicators_post_request_body import SubmitTiIndicatorsPostRequestBody
from msgraph_beta.generated.models.ti_indicator import TiIndicator
from msgraph_beta.generated.models.file_hash_type import FileHashType
from msgraph_beta.generated.models.tlp_level import TlpLevel
# To initialize your graph_client, see https://v4.hkg1.meaqua.org/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = SubmitTiIndicatorsPostRequestBody(
value = [
TiIndicator(
activity_group_names = [
],
confidence = 0,
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
expiration_date_time = "2019-03-01T21:44:03.1668987+00:00",
external_id = "Test--8586509942423126760MS164-0",
file_hash_type = FileHashType.Sha256,
file_hash_value = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
kill_chain = [
],
malware_family_names = [
],
severity = 0,
tags = [
],
target_product = "Azure Sentinel",
threat_type = "WatchList",
tlp_level = TlpLevel.Green,
),
TiIndicator(
activity_group_names = [
],
confidence = 0,
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
expiration_date_time = "2019-03-01T21:44:03.1748779+00:00",
external_id = "Test--8586509942423126760MS164-1",
file_hash_type = FileHashType.Sha256,
file_hash_value = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
kill_chain = [
],
malware_family_names = [
],
severity = 0,
tags = [
],
target_product = "Azure Sentinel",
threat_type = "WatchList",
tlp_level = TlpLevel.Green,
),
],
)
result = await graph_client.security.ti_indicators.submit_ti_indicators.post(request_body)
Respuesta
En el ejemplo siguiente se muestra la respuesta.
Nota:
El objeto de respuesta que se muestra aquí puede estar acortado para mejorar la legibilidad.
HTTP/1.1 200 OK
Content-type: application/json
{
"value": [
{
"@odata.type": "#microsoft.graph.tiIndicator",
"id": "c6fb948b-89c5-3bba-a2cd-a9d9a1e430e4",
"azureTenantId": "XXXXXXXXXXXXXXXXXXXXX",
"action": null,
"additionalInformation": null,
"activityGroupNames": [],
"confidence": 0,
"description": "This is a test indicator for demo purpose. Take no action on any observables set in this indicator.",
}
]
}