POST https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators
Content-Type: application/json
{
"value": [
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
"externalId": "Test--8586509942423126760MS164-0",
"fileHashType": "sha256",
"fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
},
{
"activityGroupNames": [],
"confidence": 0,
"description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
"expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
"externalId": "Test--8586509942423126760MS164-1",
"fileHashType": "sha256",
"fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
"killChain": [],
"malwareFamilyNames": [],
"severity": 0,
"tags": [],
"targetProduct": "Azure Sentinel",
"threatType": "WatchList",
"tlpLevel": "green",
}
]
}
// Submits two canary (demo) SHA-256 file-hash indicators to the Microsoft Graph
// Security API in one submitTiIndicators call.
// Least privilege: the identity behind authProvider only needs the threat-indicator
// write permission (ThreatIndicators.ReadWrite.OwnedBy); avoid broader security scopes.
GraphServiceClient graphClient = new GraphServiceClient(authProvider);

// Both indicators are marked as canaries by their description and carry
// Confidence = 0 / Severity = 0, so consumers should not act on the hashes.
// NOTE(review): the expiration timestamps are 2019 sample values; a live
// submission presumably needs a future expiry. Confirm against the tiIndicator docs.
var firstIndicator = new TiIndicator
{
    ActivityGroupNames = new List<String>(),
    Confidence = 0,
    Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
    ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
    ExternalId = "Test--8586509942423126760MS164-0",
    FileHashType = FileHashType.Sha256,
    FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
    KillChain = new List<String>(),
    MalwareFamilyNames = new List<String>(),
    Severity = 0,
    Tags = new List<String>(),
    TargetProduct = "Azure Sentinel",
    ThreatType = "WatchList",
    TlpLevel = TlpLevel.Green
};

var secondIndicator = new TiIndicator
{
    ActivityGroupNames = new List<String>(),
    Confidence = 0,
    Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
    ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
    ExternalId = "Test--8586509942423126760MS164-1",
    FileHashType = FileHashType.Sha256,
    FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
    KillChain = new List<String>(),
    MalwareFamilyNames = new List<String>(),
    Severity = 0,
    Tags = new List<String>(),
    TargetProduct = "Azure Sentinel",
    ThreatType = "WatchList",
    TlpLevel = TlpLevel.Green
};

// Order matters only for readability; both indicators travel in one request body.
var indicators = new List<TiIndicator>() { firstIndicator, secondIndicator };

// The response is not captured here, exactly as in the original sample.
var submitRequest = graphClient.Security.TiIndicators
    .SubmitTiIndicators(indicators)
    .Request();
await submitRequest.PostAsync();
// Graph client authenticated through the caller-supplied authProvider.
// Least privilege: the token only needs the threat-indicator write permission
// (ThreatIndicators.ReadWrite.OwnedBy) for this call.
const client = Client.init({ authProvider });

/**
 * Builds one canary (demo) SHA-256 file-hash indicator.
 * Only the external id, expiry and hash differ between the two samples; every
 * other field is fixed. confidence/severity 0 plus the description mark the
 * indicator as one that must not trigger any action.
 */
const buildCanaryIndicator = (externalId, expirationDateTime, fileHashValue) => ({
  activityGroupNames: [],
  confidence: 0,
  description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
  expirationDateTime,
  externalId,
  fileHashType: 'sha256',
  fileHashValue,
  killChain: [],
  malwareFamilyNames: [],
  severity: 0,
  tags: [],
  targetProduct: 'Azure Sentinel',
  threatType: 'WatchList',
  tlpLevel: 'green',
});

// Request body for submitTiIndicators: a "value" array holding both indicators.
const requestBody = {
  value: [
    buildCanaryIndicator(
      'Test--8586509942423126760MS164-0',
      '2019-03-01T21:44:03.1668987+00:00',
      'b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6'
    ),
    buildCanaryIndicator(
      'Test--8586509942423126760MS164-1',
      '2019-03-01T21:44:03.1748779+00:00',
      '1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b'
    ),
  ],
};

// Beta endpoint; the response is not captured, exactly as in the original sample.
const submitRequest = client
  .api('/security/tiIndicators/submitTiIndicators')
  .version('beta');
await submitRequest.post(requestBody);
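// Submits two canary (demo) SHA-256 file-hash indicators to the Microsoft Graph
// Security API (beta) with one POST to security/tiIndicators/submitTiIndicators.
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

// The base URL already ends in "/", so the path is appended without a leading
// slash; the previous form produced ".../beta//security/...".
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSURL *submitURL = [NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"security/tiIndicators/submitTiIndicators"]];
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:submitURL];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

NSMutableDictionary *payloadDictionary = [[NSMutableDictionary alloc] init];
NSMutableArray *valueList = [[NSMutableArray alloc] init];

// First canary indicator. Confidence/severity 0 and the description mark it as
// an indicator that must not trigger any action.
MSGraphTiIndicator *value = [[MSGraphTiIndicator alloc] init];
NSMutableArray *activityGroupNamesList = [[NSMutableArray alloc] init];
[value setActivityGroupNames:activityGroupNamesList];
[value setConfidence: 0];
[value setDescription:@"This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."];
// NOTE(review): a C string literal is passed where an Objective-C object is
// expected. Confirm the property's type in the SDK header and pass a matching
// object; the value is left as the page gives it.
[value setExpirationDateTime: "2019-03-01T21:44:03.1668987+00:00"];
[value setExternalId:@"Test--8586509942423126760MS164-0"];
[value setFileHashType: [MSGraphFileHashType sha256]];
[value setFileHashValue:@"b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"];
NSMutableArray *killChainList = [[NSMutableArray alloc] init];
[value setKillChain:killChainList];
NSMutableArray *malwareFamilyNamesList = [[NSMutableArray alloc] init];
[value setMalwareFamilyNames:malwareFamilyNamesList];
[value setSeverity: 0];
NSMutableArray *tagsList = [[NSMutableArray alloc] init];
[value setTags:tagsList];
[value setTargetProduct:@"Azure Sentinel"];
[value setThreatType:@"WatchList"];
[value setTlpLevel: [MSGraphTlpLevel green]];
[valueList addObject: value];

// Second canary indicator. It gets its own variable names: re-declaring
// `value` and the list variables in the same scope does not compile.
MSGraphTiIndicator *value1 = [[MSGraphTiIndicator alloc] init];
NSMutableArray *activityGroupNamesList1 = [[NSMutableArray alloc] init];
[value1 setActivityGroupNames:activityGroupNamesList1];
[value1 setConfidence: 0];
[value1 setDescription:@"This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."];
// NOTE(review): same type concern as for the first indicator's expiration value.
[value1 setExpirationDateTime: "2019-03-01T21:44:03.1748779+00:00"];
[value1 setExternalId:@"Test--8586509942423126760MS164-1"];
[value1 setFileHashType: [MSGraphFileHashType sha256]];
[value1 setFileHashValue:@"1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"];
NSMutableArray *killChainList1 = [[NSMutableArray alloc] init];
[value1 setKillChain:killChainList1];
NSMutableArray *malwareFamilyNamesList1 = [[NSMutableArray alloc] init];
[value1 setMalwareFamilyNames:malwareFamilyNamesList1];
[value1 setSeverity: 0];
NSMutableArray *tagsList1 = [[NSMutableArray alloc] init];
[value1 setTags:tagsList1];
[value1 setTargetProduct:@"Azure Sentinel"];
[value1 setThreatType:@"WatchList"];
[value1 setTlpLevel: [MSGraphTlpLevel green]];
[valueList addObject: value1];

payloadDictionary[@"value"] = valueList;

// NSJSONSerialization raises an exception (it does not fill `error`) when the
// object graph holds anything other than NSString/NSNumber/NSArray/NSDictionary/
// NSNull, so validate first.
// NOTE(review): valueList holds SDK model objects; confirm how the SDK converts
// them to JSON-compatible values before this step.
NSError *error = nil;
NSData *data = nil;
if ([NSJSONSerialization isValidJSONObject:payloadDictionary]) {
    data = [NSJSONSerialization dataWithJSONObject:payloadDictionary options:kNilOptions error:&error];
}

if (data == nil) {
    // Do not send a request without a body: that would look like a submission
    // while no indicator reaches the service.
    NSLog(@"Could not serialize the tiIndicator payload: %@", error);
} else {
    [urlRequest setHTTPBody:data];
    MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
        completionHandler: ^(NSData *responseData, NSURLResponse *response, NSError *nserror) {
            // Surface failures: a silently dropped submission leaves detections
            // that were assumed to exist missing.
            if (nserror != nil) {
                NSLog(@"submitTiIndicators request failed: %@", nserror);
                return;
            }
            if ([response isKindOfClass:[NSHTTPURLResponse class]]) {
                NSInteger statusCode = [(NSHTTPURLResponse *)response statusCode];
                if (statusCode < 200 || statusCode >= 300) {
                    NSLog(@"submitTiIndicators returned HTTP %ld", (long)statusCode);
                }
            }
        }];
    [meDataTask execute];
}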
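// Submits two canary (demo) SHA-256 file-hash indicators to the Microsoft Graph
// Security API in one submitTiIndicators call.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

LinkedList<TiIndicator> valueList = new LinkedList<TiIndicator>();

// First canary indicator. confidence/severity 0 and the description mark it as
// an indicator that must not trigger any action.
TiIndicator value = new TiIndicator();
value.activityGroupNames = new LinkedList<String>();
value.confidence = 0;
value.description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.";
// NOTE(review): 2019 sample timestamp; a live submission presumably needs a
// future expiry. Confirm against the tiIndicator docs.
value.expirationDateTime = OffsetDateTimeSerializer.deserialize("2019-03-01T21:44:03.1668987+00:00");
value.externalId = "Test--8586509942423126760MS164-0";
value.fileHashType = FileHashType.SHA256;
value.fileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6";
value.killChain = new LinkedList<String>();
value.malwareFamilyNames = new LinkedList<String>();
value.severity = 0;
value.tags = new LinkedList<String>();
value.targetProduct = "Azure Sentinel";
value.threatType = "WatchList";
value.tlpLevel = TlpLevel.GREEN;
valueList.add(value);

// Second canary indicator; only the external id, expiry and hash differ.
TiIndicator value1 = new TiIndicator();
value1.activityGroupNames = new LinkedList<String>();
value1.confidence = 0;
value1.description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.";
value1.expirationDateTime = OffsetDateTimeSerializer.deserialize("2019-03-01T21:44:03.1748779+00:00");
value1.externalId = "Test--8586509942423126760MS164-1";
value1.fileHashType = FileHashType.SHA256;
value1.fileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b";
value1.killChain = new LinkedList<String>();
value1.malwareFamilyNames = new LinkedList<String>();
value1.severity = 0;
value1.tags = new LinkedList<String>();
value1.targetProduct = "Azure Sentinel";
value1.threatType = "WatchList";
value1.tlpLevel = TlpLevel.GREEN;
valueList.add(value1);

// The parameter set takes the indicator list directly. The collection
// response/page objects the sample used to build were never read, so they
// have been dropped.
// The value returned by post() is not captured, as in the original sample.
graphClient.security().tiIndicators()
    .submitTiIndicators(TiIndicatorSubmitTiIndicatorsParameterSet
        .newBuilder()
        .withValue(valueList)
        .build())
    .buildRequest()
    .post();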
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
// Build a Graph client on top of the caller-supplied request adapter.
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
// NOTE(review): Post is called with nil, so unlike the other snippets on this
// page no indicator list is passed here. Presumably nothing is submitted;
// confirm how the SDK expects the "value" collection to be supplied.
// NOTE(review): result and err are not read in the visible lines; check err
// before assuming the indicators were accepted.
result, err := graphClient.Security().TiIndicators().SubmitTiIndicators().Post(nil)
Import-Module Microsoft.Graph.Security
# Builds the body for Submit-MgSecurityTiIndicator: two canary (demo) SHA-256
# file-hash indicators. Confidence/Severity 0 and the description mark them as
# indicators that must not trigger any action.

# Description shared by both demo indicators.
$canaryDescription = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."

# DateTime.Parse converts the +00:00 timestamps to the machine's local time
# zone; the instant itself is unchanged.
$firstIndicator = @{
    ActivityGroupNames = @()
    Confidence         = 0
    Description        = $canaryDescription
    ExpirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1668987+00:00")
    ExternalId         = "Test--8586509942423126760MS164-0"
    FileHashType       = "sha256"
    FileHashValue      = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
    KillChain          = @()
    MalwareFamilyNames = @()
    Severity           = 0
    Tags               = @()
    TargetProduct      = "Azure Sentinel"
    ThreatType         = "WatchList"
    TlpLevel           = "green"
}

# Second indicator; only the external id, expiry and hash differ.
$secondIndicator = @{
    ActivityGroupNames = @()
    Confidence         = 0
    Description        = $canaryDescription
    ExpirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1748779+00:00")
    ExternalId         = "Test--8586509942423126760MS164-1"
    FileHashType       = "sha256"
    FileHashValue      = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
    KillChain          = @()
    MalwareFamilyNames = @()
    Severity           = 0
    Tags               = @()
    TargetProduct      = "Azure Sentinel"
    ThreatType         = "WatchList"
    TlpLevel           = "green"
}

# Both indicators travel in one request under the "Value" key.
$params = @{
    Value = @(
        $firstIndicator
        $secondIndicator
    )
}

Submit-MgSecurityTiIndicator -BodyParameter $params