Investigation resource type
Applies to:
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, use the API server closest to your geographic location:
- us.api.security.microsoft.com
- eu.api.security.microsoft.com
- uk.api.security.microsoft.com
- au.api.security.microsoft.com
- swa.api.security.microsoft.com
Represents an automated investigation entity in Defender for Endpoint.
For more information, see Overview of automated investigations.
Methods
| Method | Return Type | Description |
|---|---|---|
| List Investigations | Investigation collection | Gets a collection of Investigation entities. |
| Get single Investigation | Investigation entity | Gets a single Investigation entity. |
| Start Investigation | Investigation entity | Starts an investigation on a device. |
Properties
| Property | Type | Description |
|---|---|---|
| ID | String | Identity of the investigation entity. |
| startTime | DateTime Nullable | The date and time when the investigation was created. |
| endTime | DateTime Nullable | The date and time when the investigation was completed. |
| cancelledBy | String | The ID of the user or application that canceled the investigation. |
| State | Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign', 'Failed', 'PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert'. |
| statusDetails | String | Additional information about the state of the investigation. |
| machineId | String | The ID of the device on which the investigation is executed. |
| computerDnsName | String | The name of the device on which the investigation is executed. |
| triggeringAlertId | String | The ID of the alert that triggered the investigation. |
JSON representation

```json
{
  "id": "63004",
  "startTime": "2020-01-06T13:05:15Z",
  "endTime": null,
  "state": "Running",
  "cancelledBy": null,
  "statusDetails": null,
  "machineId": "e828a0624ed33f919db541065190d2f75e50a071",
  "computerDnsName": "desktop-test123",
  "triggeringAlertId": "da637139127150012465_1011995739"
}
```
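The following is an added example, not code from this page or from Microsoft. It parses Investigation entities in the JSON shape shown above, rejects state values that are not in the documented enum, handles the nullable `startTime`/`endTime` fields when computing elapsed time, and sorts investigations into coarse triage buckets so an analyst can spot the ones that are waiting on a person (for example `PendingApproval`). The bucket grouping, the helper names, the `/api/investigations` path (taken from the List Investigations API rather than this page) and the OData `$filter` syntax are this example's own assumptions; the regional hosts come from the tip above.

```python
"""Parse and triage Defender for Endpoint Investigation entities (added example)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlencode

# All state values documented for the Investigation entity.
INVESTIGATION_STATES = frozenset({
    "Unknown", "Terminated", "SuccessfullyRemediated", "Benign", "Failed",
    "PartiallyRemediated", "Running", "PendingApproval", "PendingResource",
    "PartiallyInvestigated", "TerminatedByUser", "TerminatedBySystem", "Queued",
    "InnerFailure", "PreexistingAlert", "UnsupportedOs", "UnsupportedAlertType",
    "SuppressedAlert",
})

# Triage buckets chosen for this example (an assumption, not Microsoft's taxonomy).
NEEDS_ANALYST = frozenset({"PendingApproval", "PendingResource"})
IN_PROGRESS = frozenset({"Running", "Queued"})
INCOMPLETE = frozenset({"Failed", "InnerFailure", "PartiallyRemediated", "PartiallyInvestigated",
                        "Terminated", "TerminatedByUser", "TerminatedBySystem", "Unknown"})
# Every other documented state (SuccessfullyRemediated, Benign, PreexistingAlert,
# UnsupportedOs, UnsupportedAlertType, SuppressedAlert) is treated as closed.

# Regional hosts from the tip above; the path is assumed from the List Investigations API.
REGIONAL_HOSTS = {r: f"{r}.api.security.microsoft.com" for r in ("us", "eu", "uk", "au", "swa")}


@dataclass(frozen=True)
class Investigation:
    id: str
    state: str
    machine_id: str
    computer_dns_name: str
    triggering_alert_id: str
    start_time: Optional[datetime]   # nullable in the API
    end_time: Optional[datetime]     # nullable: still null while the investigation is open
    cancelled_by: Optional[str]
    status_details: Optional[str]


def parse_time(value: Optional[str]) -> Optional[datetime]:
    """Parse the API's ISO 8601 timestamps (trailing 'Z') into timezone-aware datetimes."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_investigation(obj: dict) -> Investigation:
    """Build an Investigation from one JSON object, rejecting undocumented state values."""
    state = obj["state"]
    if state not in INVESTIGATION_STATES:
        raise ValueError(f"undocumented investigation state: {state!r}")
    return Investigation(
        id=str(obj["id"]), state=state, machine_id=obj["machineId"],
        computer_dns_name=obj["computerDnsName"], triggering_alert_id=obj["triggeringAlertId"],
        start_time=parse_time(obj.get("startTime")), end_time=parse_time(obj.get("endTime")),
        cancelled_by=obj.get("cancelledBy"), status_details=obj.get("statusDetails"),
    )


def load_investigations(raw_json: str) -> list[Investigation]:
    """Parse a JSON array of Investigation objects, as returned by a list call."""
    return [parse_investigation(obj) for obj in json.loads(raw_json)]


def triage(inv: Investigation) -> str:
    """Map a state to one of: needs_analyst, in_progress, incomplete, closed."""
    if inv.state in NEEDS_ANALYST:
        return "needs_analyst"
    if inv.state in IN_PROGRESS:
        return "in_progress"
    if inv.state in INCOMPLETE:
        return "incomplete"
    return "closed"


def duration_seconds(inv: Investigation, now: Optional[datetime] = None) -> Optional[float]:
    """Elapsed seconds; an open investigation (endTime null) is measured up to `now`."""
    if inv.start_time is None:
        return None
    end = inv.end_time or now or datetime.now(timezone.utc)
    return (end - inv.start_time).total_seconds()


def investigations_url(region: Optional[str] = None, state: Optional[str] = None) -> str:
    """List URL for a region, optionally with an OData state filter (assumed syntax)."""
    host = REGIONAL_HOSTS.get(region or "", "api.security.microsoft.com")
    url = f"https://{host}/api/investigations"
    if state is not None:
        if state not in INVESTIGATION_STATES:
            raise ValueError(f"undocumented investigation state: {state!r}")
        url += "?" + urlencode({"$filter": f"state eq '{state}'"})
    return url


def triage_report(raw_json: str) -> dict[str, list[str]]:
    """Group investigation IDs by triage bucket."""
    report: dict[str, list[str]] = {}
    for inv in load_investigations(raw_json):
        report.setdefault(triage(inv), []).append(inv.id)
    return report


# Constructed sample: the first record is the page's JSON representation, the second is
# made up for this example (placeholder IDs, not real values).
SAMPLE_JSON = """[
  {"id": "63004", "startTime": "2020-01-06T13:05:15Z", "endTime": null, "state": "Running",
   "cancelledBy": null, "statusDetails": null,
   "machineId": "e828a0624ed33f919db541065190d2f75e50a071",
   "computerDnsName": "desktop-test123", "triggeringAlertId": "da637139127150012465_1011995739"},
  {"id": "63005", "startTime": "2020-01-06T13:20:00Z", "endTime": null, "state": "PendingApproval",
   "cancelledBy": null, "statusDetails": "Awaiting approval of a remediation action",
   "machineId": "PLACEHOLDER-MACHINE-ID", "computerDnsName": "laptop-example",
   "triggeringAlertId": "PLACEHOLDER-ALERT-ID"}
]"""
```

Running `triage_report(SAMPLE_JSON)` on the constructed sample yields `{"in_progress": ["63004"], "needs_analyst": ["63005"]}`; in practice the raw JSON would come from the List Investigations call against `investigations_url(region)`, and the `needs_analyst` bucket is the one worth alerting on, since those investigations are stalled until someone approves or provides a resource.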
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.