Cargue varios indicadores de inteligencia sobre amenazas (TI) en una solicitud en lugar de varias solicitudes.
Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.
En el cuerpo de la solicitud, proporcione un objeto JSON con los siguientes parámetros.
En el siguiente ejemplo se muestra cómo llamar a esta API.
En el ejemplo siguiente se muestra la solicitud.
POST https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators
Content-Type: application/json
{
"value": [
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
"externalId": "Test--8586509942423126760MS164-0",
"fileHashType": "sha256",
"fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
},
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
"externalId": "Test--8586509942423126760MS164-1",
"fileHashType": "sha256",
"fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Security.TiIndicators.SubmitTiIndicators;
using Microsoft.Graph.Beta.Models;
var requestBody = new SubmitTiIndicatorsPostRequestBody
{
Value = new List<TiIndicator>
{
new TiIndicator
{
ActivityGroupNames = new List<string>
{
},
Confidence = 0,
Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
ExternalId = "Test--8586509942423126760MS164-0",
FileHashType = FileHashType.Sha256,
FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
KillChain = new List<string>
{
},
MalwareFamilyNames = new List<string>
{
},
Severity = 0,
Tags = new List<string>
{
},
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = TlpLevel.Green,
},
new TiIndicator
{
ActivityGroupNames = new List<string>
{
},
Confidence = 0,
Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
ExternalId = "Test--8586509942423126760MS164-1",
FileHashType = FileHashType.Sha256,
FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
KillChain = new List<string>
{
},
MalwareFamilyNames = new List<string>
{
},
Severity = 0,
Tags = new List<string>
{
},
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = TlpLevel.Green,
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.TiIndicators.SubmitTiIndicators.PostAsSubmitTiIndicatorsPostResponseAsync(requestBody);
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta security ti-indicators submit-ti-indicators post --body '{\
"value": [\
{\
"activityGroupNames": [],\
"confidence": 0,\
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",\
"expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",\
"externalId": "Test--8586509942423126760MS164-0",\
"fileHashType": "sha256",\
"fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",\
"killChain": [],\
"malwareFamilyNames": [],\
"severity": 0,\
"tags": [],\
"targetProduct": "Azure Sentinel",\
"threatType": "WatchList",\
"tlpLevel": "green",\
},\
{\
"activityGroupNames": [],\
"confidence": 0,\
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",\
"expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",\
"externalId": "Test--8586509942423126760MS164-1",\
"fileHashType": "sha256",\
"fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",\
"killChain": [],\
"malwareFamilyNames": [],\
"severity": 0,\
"tags": [],\
"targetProduct": "Azure Sentinel",\
"threatType": "WatchList",\
"tlpLevel": "green",\
}\
]\
}\
'
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphsecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/security"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphsecurity.NewSubmitTiIndicatorsPostRequestBody()
tiIndicator := graphmodels.NewTiIndicator()
activityGroupNames := []string {
}
tiIndicator.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator.SetConfidence(&confidence)
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator.SetDescription(&description)
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1668987+00:00")
tiIndicator.SetExpirationDateTime(&expirationDateTime)
externalId := "Test--8586509942423126760MS164-0"
tiIndicator.SetExternalId(&externalId)
fileHashType := graphmodels.SHA256_FILEHASHTYPE
tiIndicator.SetFileHashType(&fileHashType)
fileHashValue := "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
tiIndicator.SetFileHashValue(&fileHashValue)
killChain := []string {
}
tiIndicator.SetKillChain(killChain)
malwareFamilyNames := []string {
}
tiIndicator.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator.SetSeverity(&severity)
tags := []string {
}
tiIndicator.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator.SetTargetProduct(&targetProduct)
threatType := "WatchList"
tiIndicator.SetThreatType(&threatType)
tlpLevel := graphmodels.GREEN_TLPLEVEL
tiIndicator.SetTlpLevel(&tlpLevel)
tiIndicator1 := graphmodels.NewTiIndicator()
activityGroupNames := []string {
}
tiIndicator1.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator1.SetConfidence(&confidence)
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator1.SetDescription(&description)
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1748779+00:00")
tiIndicator1.SetExpirationDateTime(&expirationDateTime)
externalId := "Test--8586509942423126760MS164-1"
tiIndicator1.SetExternalId(&externalId)
fileHashType := graphmodels.SHA256_FILEHASHTYPE
tiIndicator1.SetFileHashType(&fileHashType)
fileHashValue := "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
tiIndicator1.SetFileHashValue(&fileHashValue)
killChain := []string {
}
tiIndicator1.SetKillChain(killChain)
malwareFamilyNames := []string {
}
tiIndicator1.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator1.SetSeverity(&severity)
tags := []string {
}
tiIndicator1.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator1.SetTargetProduct(&targetProduct)
threatType := "WatchList"
tiIndicator1.SetThreatType(&threatType)
tlpLevel := graphmodels.GREEN_TLPLEVEL
tiIndicator1.SetTlpLevel(&tlpLevel)
value := []graphmodels.TiIndicatorable {
tiIndicator,
tiIndicator1,
}
requestBody.SetValue(value)
submitTiIndicators, err := graphClient.Security().TiIndicators().SubmitTiIndicators().PostAsSubmitTiIndicatorsPostResponse(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody submitTiIndicatorsPostRequestBody = new com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody();
LinkedList<TiIndicator> value = new LinkedList<TiIndicator>();
TiIndicator tiIndicator = new TiIndicator();
LinkedList<String> activityGroupNames = new LinkedList<String>();
tiIndicator.setActivityGroupNames(activityGroupNames);
tiIndicator.setConfidence(0);
tiIndicator.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime = OffsetDateTime.parse("2019-03-01T21:44:03.1668987+00:00");
tiIndicator.setExpirationDateTime(expirationDateTime);
tiIndicator.setExternalId("Test--8586509942423126760MS164-0");
tiIndicator.setFileHashType(FileHashType.Sha256);
tiIndicator.setFileHashValue("b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6");
LinkedList<String> killChain = new LinkedList<String>();
tiIndicator.setKillChain(killChain);
LinkedList<String> malwareFamilyNames = new LinkedList<String>();
tiIndicator.setMalwareFamilyNames(malwareFamilyNames);
tiIndicator.setSeverity(0);
LinkedList<String> tags = new LinkedList<String>();
tiIndicator.setTags(tags);
tiIndicator.setTargetProduct("Azure Sentinel");
tiIndicator.setThreatType("WatchList");
tiIndicator.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator);
TiIndicator tiIndicator1 = new TiIndicator();
LinkedList<String> activityGroupNames1 = new LinkedList<String>();
tiIndicator1.setActivityGroupNames(activityGroupNames1);
tiIndicator1.setConfidence(0);
tiIndicator1.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime1 = OffsetDateTime.parse("2019-03-01T21:44:03.1748779+00:00");
tiIndicator1.setExpirationDateTime(expirationDateTime1);
tiIndicator1.setExternalId("Test--8586509942423126760MS164-1");
tiIndicator1.setFileHashType(FileHashType.Sha256);
tiIndicator1.setFileHashValue("1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b");
LinkedList<String> killChain1 = new LinkedList<String>();
tiIndicator1.setKillChain(killChain1);
LinkedList<String> malwareFamilyNames1 = new LinkedList<String>();
tiIndicator1.setMalwareFamilyNames(malwareFamilyNames1);
tiIndicator1.setSeverity(0);
LinkedList<String> tags1 = new LinkedList<String>();
tiIndicator1.setTags(tags1);
tiIndicator1.setTargetProduct("Azure Sentinel");
tiIndicator1.setThreatType("WatchList");
tiIndicator1.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator1);
submitTiIndicatorsPostRequestBody.setValue(value);
var result = graphClient.security().tiIndicators().submitTiIndicators().post(submitTiIndicatorsPostRequestBody);
const options = {
authProvider,
};
const client = Client.init(options);
const tiIndicator = {
value: [
{
activityGroupNames: [],
confidence: 0,
description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
expirationDateTime: '2019-03-01T21:44:03.1668987+00:00',
externalId: 'Test--8586509942423126760MS164-0',
fileHashType: 'sha256',
fileHashValue: 'b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6',
killChain: [],
malwareFamilyNames: [],
severity: 0,
tags: [],
targetProduct: 'Azure Sentinel',
threatType: 'WatchList',
tlpLevel: 'green',
},
{
activityGroupNames: [],
confidence: 0,
description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
expirationDateTime: '2019-03-01T21:44:03.1748779+00:00',
externalId: 'Test--8586509942423126760MS164-1',
fileHashType: 'sha256',
fileHashValue: '1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b',
killChain: [],
malwareFamilyNames: [],
severity: 0,
tags: [],
targetProduct: 'Azure Sentinel',
threatType: 'WatchList',
tlpLevel: 'green',
}
]
};
await client.api('/security/tiIndicators/submitTiIndicators')
.version('beta')
.post(tiIndicator);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\SubmitTiIndicatorsPostRequestBody;
use Microsoft\Graph\Generated\Models\TiIndicator;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new SubmitTiIndicatorsPostRequestBody();
$valueTiIndicator1 = new TiIndicator();
$valueTiIndicator1->setActivityGroupNames([ ]);
$valueTiIndicator1->setConfidence(0);
$valueTiIndicator1->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator1->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1668987+00:00'));
$valueTiIndicator1->setExternalId('Test--8586509942423126760MS164-0');
$valueTiIndicator1->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator1->setFileHashValue('b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6');
$valueTiIndicator1->setKillChain([ ]);
$valueTiIndicator1->setMalwareFamilyNames([ ]);
$valueTiIndicator1->setSeverity(0);
$valueTiIndicator1->setTags([ ]);
$valueTiIndicator1->setTargetProduct('Azure Sentinel');
$valueTiIndicator1->setThreatType('WatchList');
$valueTiIndicator1->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator1;
$valueTiIndicator2 = new TiIndicator();
$valueTiIndicator2->setActivityGroupNames([ ]);
$valueTiIndicator2->setConfidence(0);
$valueTiIndicator2->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator2->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1748779+00:00'));
$valueTiIndicator2->setExternalId('Test--8586509942423126760MS164-1');
$valueTiIndicator2->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator2->setFileHashValue('1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b');
$valueTiIndicator2->setKillChain([ ]);
$valueTiIndicator2->setMalwareFamilyNames([ ]);
$valueTiIndicator2->setSeverity(0);
$valueTiIndicator2->setTags([ ]);
$valueTiIndicator2->setTargetProduct('Azure Sentinel');
$valueTiIndicator2->setThreatType('WatchList');
$valueTiIndicator2->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator2;
$requestBody->setValue($valueArray);
$result = $graphServiceClient->security()->tiIndicators()->submitTiIndicators()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Security
$params = @{
value = @(
@{
activityGroupNames = @(
)
confidence = 0
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1668987+00:00")
externalId = "Test--8586509942423126760MS164-0"
fileHashType = "sha256"
fileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
killChain = @(
)
malwareFamilyNames = @(
)
severity = 0
tags = @(
)
targetProduct = "Azure Sentinel"
threatType = "WatchList"
tlpLevel = "green"
}
@{
activityGroupNames = @(
)
confidence = 0
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1748779+00:00")
externalId = "Test--8586509942423126760MS164-1"
fileHashType = "sha256"
fileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
killChain = @(
)
malwareFamilyNames = @(
)
severity = 0
tags = @(
)
targetProduct = "Azure Sentinel"
threatType = "WatchList"
tlpLevel = "green"
}
)
}
Submit-MgBetaSecurityTiIndicator -BodyParameter $params
from msgraph import GraphServiceClient
from msgraph.generated.security.tiindicators.submit_ti_indicators.submit_ti_indicators_post_request_body import SubmitTiIndicatorsPostRequestBody
from msgraph.generated.models.ti_indicator import TiIndicator
graph_client = GraphServiceClient(credentials, scopes)
request_body = SubmitTiIndicatorsPostRequestBody(
value = [
TiIndicator(
activity_group_names = [
],
confidence = 0,
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
expiration_date_time = "2019-03-01T21:44:03.1668987+00:00",
external_id = "Test--8586509942423126760MS164-0",
file_hash_type = FileHashType.Sha256,
file_hash_value = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
kill_chain = [
],
malware_family_names = [
],
severity = 0,
tags = [
],
target_product = "Azure Sentinel",
threat_type = "WatchList",
tlp_level = TlpLevel.Green,
),
TiIndicator(
activity_group_names = [
],
confidence = 0,
description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
expiration_date_time = "2019-03-01T21:44:03.1748779+00:00",
external_id = "Test--8586509942423126760MS164-1",
file_hash_type = FileHashType.Sha256,
file_hash_value = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
kill_chain = [
],
malware_family_names = [
],
severity = 0,
tags = [
],
target_product = "Azure Sentinel",
threat_type = "WatchList",
tlp_level = TlpLevel.Green,
),
],
)
result = await graph_client.security.ti_indicators.submit_ti_indicators.post(request_body)
En el ejemplo siguiente se muestra la respuesta.