创建 windowsDeviceMalwareStateCreate windowsDeviceMalwareState

命名空间:microsoft.graphNamespace: microsoft.graph

重要说明: /Beta 版本下的 Microsoft Graph Api 可能会发生更改;不支持生产使用。Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

注意: 适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

创建新的 windowsDeviceMalwareState 对象。Create a new windowsDeviceMalwareState object.

先决条件Prerequisites

要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

权限类型Permission type 权限(从最高特权到最低特权)Permissions (from most to least privileged)
委派(工作或学校帐户)Delegated (work or school account) DeviceManagementManagedDevices.ReadWrite.AllDeviceManagementManagedDevices.ReadWrite.All
委派(个人 Microsoft 帐户)Delegated (personal Microsoft account) 不支持。Not supported.
应用程序Application DeviceManagementManagedDevices.ReadWrite.AllDeviceManagementManagedDevices.ReadWrite.All

HTTP 请求HTTP Request

POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState

请求标头Request headers

标头Header Value
AuthorizationAuthorization Bearer <token>。必需。Bearer <token> Required.
接受Accept application/jsonapplication/json

请求正文Request body

在请求正文中,提供 windowsDeviceMalwareState 对象的 JSON 表示形式。In the request body, supply a JSON representation for the windowsDeviceMalwareState object.

下表显示创建 windowsDeviceMalwareState 时所需的属性。The following table shows the properties that are required when you create the windowsDeviceMalwareState.

属性Property 类型Type 说明Description
idid StringString 唯一标识符。The unique Identifier. 这是恶意软件 id。This is malware id.
displayNamedisplayName StringString 恶意软件名称Malware name
additionalInformationUrladditionalInformationUrl StringString 了解有关恶意软件的详细信息的信息 URLInformation URL to learn more about the malware
severityseverity windowsMalwareSeveritywindowsMalwareSeverity 恶意软件的严重性。Severity of the malware. 可取值为:unknownlowmoderatehighseverePossible values are: unknown, low, moderate, high, severe.
executionStateexecutionState windowsMalwareExecutionStatewindowsMalwareExecutionState 恶意软件的执行状态,如阻止/执行等。可能的值为: unknownblocked 、、 allowed runningnotRunningExecution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning.
statestate windowsMalwareStatewindowsMalwareState 恶意软件的当前状态,如已清除/隔离/允许等。可能的值为:、、、、、、、、、、、、 unknown detected cleaned quarantined removed allowed blocked cleanFailed quarantineFailed removeFailed allowFailed abandoned blockFailedCurrent status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed.
threatStatethreatState windowsMalwareThreatStatewindowsMalwareThreatState 恶意软件的当前状态,如已清除/隔离/允许等。可能的值为:、、、、、、、、、、 active actionFailed manualStepsRequired fullScanRequired rebootRequired remediatedWithNonCriticalFailures quarantined removed cleaned allowed noStatusClearedCurrent status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared.
initialDetectionDateTimeinitialDetectionDateTime DateTimeOffsetDateTimeOffset 恶意软件的初始检测日期Initial detection datetime of the malware
lastStateChangeDateTimelastStateChangeDateTime DateTimeOffsetDateTimeOffset 上次更改此特定威胁的时间The last time this particular threat was changed
detectionCountdetectionCount Int32Int32 检测到的恶意软件的次数Number of times the malware is detected
“类别”category windowsMalwareCategorywindowsMalwareCategory 恶意软件的类别。Category of the malware. 可能的值包括: invalidadware 、、 spyware 、、、 passwordStealertrojanDownloader worm backdoor remoteAccessTrojan trojan emailFlooder keylogger dialer monitoringSoftware browserModifier cookie browserPlugin aolExploit nuker securityDisabler jokeProgram hostileActiveXControl softwareBundler stealthNotifier settingsModifier toolBar remoteControlSoftware trojanFtp potentialUnwantedSoftware icqExploit trojanTelnet exploit filesharingProgram malwareCreationTool remote_Control_Software tool trojanDenialOfService trojanDropper trojanMassMailer trojanMonitoringSoftware trojanProxyServer virus known unknown spp behavior vulnerability policy enterpriseUnwantedSoftware ransom hipsRule 、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule.

响应Response

如果成功,此方法 201 Created 在响应正文中返回响应代码和 windowsDeviceMalwareState 对象。If successful, this method returns a 201 Created response code and a windowsDeviceMalwareState object in the response body.

示例Example

请求Request

下面是一个请求示例。Here is an example of the request.

POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState
Content-type: application/json
Content-length: 484

{
  "@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
  "displayName": "Display Name value",
  "additionalInformationUrl": "https://example.com/additionalInformationUrl/",
  "severity": "low",
  "executionState": "blocked",
  "state": "detected",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14,
  "category": "adware"
}

响应Response

下面是一个响应示例。注意:为了简单起见,可能会将此处所示的响应对象截断。将从实际调用中返回所有属性。Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 533

{
  "@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
  "id": "6698016c-016c-6698-6c01-98666c019866",
  "displayName": "Display Name value",
  "additionalInformationUrl": "https://example.com/additionalInformationUrl/",
  "severity": "low",
  "executionState": "blocked",
  "state": "detected",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14,
  "category": "adware"
}