创建 windowsDeviceMalwareState
命名空间:microsoft.graph
重要提示: Microsoft Graph /beta 版本下的 API 可能会更改;不支持生产使用。
注意: 适用于 Intune 的 Microsoft Graph API 需要适用于租户的 活动 Intune 许可证。
创建新的 windowsDeviceMalwareState 对象。
先决条件
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
| 权限类型 | 权限(从最低特权到最高特权) |
|---|---|
| 委派(工作或学校帐户) | DeviceManagementConfiguration.ReadWrite.All、DeviceManagementManagedDevices.ReadWrite.All |
| 委派(个人 Microsoft 帐户) | 不支持。 |
| 应用程序 | DeviceManagementConfiguration.ReadWrite.All、DeviceManagementManagedDevices.ReadWrite.All |
HTTP 请求
POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState
请求标头
| 标头 | 值 |
|---|---|
| Authorization | Bearer <token>。必需。 |
| 接受 | application/json |
请求正文
在请求正文中,提供 windowsDeviceMalwareState 对象的 JSON 表示形式。
下表显示创建 windowsDeviceMalwareState 时所需的属性。
| 属性 | 类型 | 说明 |
|---|---|---|
| id | String | 唯一标识符。 这是恶意软件 ID。 |
| displayName | String | 恶意软件名称 |
| additionalInformationUrl | String | 用于了解有关恶意软件详细信息的信息 URL |
| severity | windowsMalwareSeverity | 恶意软件的严重性。 可取值为:unknown、low、moderate、high、severe。 |
| executionState | windowsMalwareExecutionState | 恶意软件的执行状态,如阻止/执行等。可能的值是 unknown blocked allowed :、、、、。 running notRunning |
| state | windowsMalwareState | 恶意软件的当前状态,如已清理/隔离/允许等。可能的值是 unknown detected cleaned :、、、、、、、、、、 quarantined removed allowed blocked cleanFailed quarantineFailed removeFailed allowFailed abandoned blockFailed 。 |
| threatState | windowsMalwareThreatState | 恶意软件的当前状态,如已清理/隔离/允许等。可能的值是 active actionFailed manualStepsRequired :、、、、、、、、、、。 fullScanRequired rebootRequired remediatedWithNonCriticalFailures quarantined removed cleaned allowed noStatusCleared |
| initialDetectionDateTime | DateTimeOffset | 恶意软件的初始检测日期/时间 |
| lastStateChangeDateTime | DateTimeOffset | 上次更改此特定威胁的时间 |
| detectionCount | Int32 | 检测到恶意软件次数 |
| “类别” | windowsMalwareCategory | 恶意软件的类别。 可能的值是:、 、 、 invalid adware spyware passwordStealer trojanDownloader worm backdoor remoteAccessTrojan trojan emailFlooder keylogger dialer monitoringSoftware browserModifier cookie browserPlugin aolExploit nuker securityDisabler jokeProgram hostileActiveXControl softwareBundler stealthNotifier settingsModifier toolBar remoteControlSoftware trojanFtp potentialUnwantedSoftware icqExploit trojanTelnet exploit filesharingProgram malwareCreationTool remote_Control_Software tool trojanDenialOfService trojanDropper trojanMassMailer trojanMonitoringSoftware trojanProxyServer virus known unknown spp behavior vulnerability policy enterpriseUnwantedSoftware ransom hipsRule |
响应
如果成功,此方法在响应正文中返回 响应代码和 201 Created windowsDeviceMalwareState 对象。
示例
请求
下面是一个请求示例。
POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState
Content-type: application/json
Content-length: 484
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}
响应
下面是一个响应示例。注意:为了简单起见,可能会将此处所示的响应对象截断。将从实际调用中返回所有属性。
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 533
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"id": "6698016c-016c-6698-6c01-98666c019866",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}
反馈
提交和查看相关反馈