tiIndicator：submitTiIndicators

命名空间：microsoft.graph

重要

Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用，请使用 版本 选择器。

Upload一个 (请求) 多个请求（而不是多个请求）中使用多个威胁情报和 TI 指示器。

权限

要调用此 API，需要以下权限之一。要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	ThreatIndicators.ReadWrite.OwnedBy
委派（个人 Microsoft 帐户）	不支持。
应用程序	ThreatIndicators.ReadWrite.OwnedBy

HTTP 请求

POST /security/tiIndicators/submitTiIndicators

请求标头

名称	说明
Authorization	Bearer {code}

请求正文

在请求正文中，提供具有以下参数的 JSON 对象。

参数	类型	说明
值	tiIndicator 集合	要创建的 tiIndicator 的 JSON 集合。

对于每个 tiIndicator，提供包含至少一个电子邮件、文件或网络可观测的 tiIndicator 对象的 JSON 表示形式，以及以下必填字段：actiontlpLevel``description``expirationDateTime``targetProduct``threatType、。

响应

如果成功，此方法在响应 200 OK 正文中返回 响应代码和 tiIndicator 对象集合。 如果出现错误，此方法将返回 响应 206 Partial Content 代码。 有关详细信息 ， 请参阅错误。

示例

以下示例演示如何调用此 API。

请求

下面展示了示例请求。

HTTP

POST https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators
Content-Type: application/json

{
  "value": [
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
      "externalId": "Test--8586509942423126760MS164-0",
      "fileHashType": "sha256",
      "fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    },
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
      "externalId": "Test--8586509942423126760MS164-1",
      "fileHashType": "sha256",
      "fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    }
  ]
}

C#

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var value = new List<TiIndicator>()
{
    new TiIndicator
    {
        ActivityGroupNames = new List<String>()
        {
        },
        Confidence = 0,
        Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
        ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
        ExternalId = "Test--8586509942423126760MS164-0",
        FileHashType = FileHashType.Sha256,
        FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
        KillChain = new List<String>()
        {
        },
        MalwareFamilyNames = new List<String>()
        {
        },
        Severity = 0,
        Tags = new List<String>()
        {
        },
        TargetProduct = "Azure Sentinel",
        ThreatType = "WatchList",
        TlpLevel = TlpLevel.Green
    },
    new TiIndicator
    {
        ActivityGroupNames = new List<String>()
        {
        },
        Confidence = 0,
        Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
        ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
        ExternalId = "Test--8586509942423126760MS164-1",
        FileHashType = FileHashType.Sha256,
        FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
        KillChain = new List<String>()
        {
        },
        MalwareFamilyNames = new List<String>()
        {
        },
        Severity = 0,
        Tags = new List<String>()
        {
        },
        TargetProduct = "Azure Sentinel",
        ThreatType = "WatchList",
        TlpLevel = TlpLevel.Green
    }
};

await graphClient.Security.TiIndicators
    .SubmitTiIndicators(value)
    .Request()
    .PostAsync();

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

JavaScript

const options = {
    authProvider,
};

const client = Client.init(options);

const tiIndicator = {
  value: [
    {
      activityGroupNames: [],
      confidence: 0,
      description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
      expirationDateTime: '2019-03-01T21:44:03.1668987+00:00',
      externalId: 'Test--8586509942423126760MS164-0',
      fileHashType: 'sha256',
      fileHashValue: 'b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6',
      killChain: [],
      malwareFamilyNames: [],
      severity: 0,
      tags: [],
      targetProduct: 'Azure Sentinel',
      threatType: 'WatchList',
      tlpLevel: 'green',
    },
    {
      activityGroupNames: [],
      confidence: 0,
      description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
      expirationDateTime: '2019-03-01T21:44:03.1748779+00:00',
      externalId: 'Test--8586509942423126760MS164-1',
      fileHashType: 'sha256',
      fileHashValue: '1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b',
      killChain: [],
      malwareFamilyNames: [],
      severity: 0,
      tags: [],
      targetProduct: 'Azure Sentinel',
      threatType: 'WatchList',
      tlpLevel: 'green',
    }
  ]
};

await client.api('/security/tiIndicators/submitTiIndicators')
    .version('beta')
    .post(tiIndicator);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

Objective-C

MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/security/tiIndicators/submitTiIndicators"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

NSMutableDictionary *payloadDictionary = [[NSMutableDictionary alloc] init];

NSMutableArray *valueList = [[NSMutableArray alloc] init];
MSGraphTiIndicator *value = [[MSGraphTiIndicator alloc] init];
NSMutableArray *activityGroupNamesList = [[NSMutableArray alloc] init];
[value setActivityGroupNames:activityGroupNamesList];
[value setConfidence: 0];
[value setDescription:@"This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."];
[value setExpirationDateTime: "2019-03-01T21:44:03.1668987+00:00"];
[value setExternalId:@"Test--8586509942423126760MS164-0"];
[value setFileHashType: [MSGraphFileHashType sha256]];
[value setFileHashValue:@"b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"];
NSMutableArray *killChainList = [[NSMutableArray alloc] init];
[value setKillChain:killChainList];
NSMutableArray *malwareFamilyNamesList = [[NSMutableArray alloc] init];
[value setMalwareFamilyNames:malwareFamilyNamesList];
[value setSeverity: 0];
NSMutableArray *tagsList = [[NSMutableArray alloc] init];
[value setTags:tagsList];
[value setTargetProduct:@"Azure Sentinel"];
[value setThreatType:@"WatchList"];
[value setTlpLevel: [MSGraphTlpLevel green]];
[valueList addObject: value];
MSGraphTiIndicator *value = [[MSGraphTiIndicator alloc] init];
NSMutableArray *activityGroupNamesList = [[NSMutableArray alloc] init];
[value setActivityGroupNames:activityGroupNamesList];
[value setConfidence: 0];
[value setDescription:@"This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."];
[value setExpirationDateTime: "2019-03-01T21:44:03.1748779+00:00"];
[value setExternalId:@"Test--8586509942423126760MS164-1"];
[value setFileHashType: [MSGraphFileHashType sha256]];
[value setFileHashValue:@"1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"];
NSMutableArray *killChainList = [[NSMutableArray alloc] init];
[value setKillChain:killChainList];
NSMutableArray *malwareFamilyNamesList = [[NSMutableArray alloc] init];
[value setMalwareFamilyNames:malwareFamilyNamesList];
[value setSeverity: 0];
NSMutableArray *tagsList = [[NSMutableArray alloc] init];
[value setTags:tagsList];
[value setTargetProduct:@"Azure Sentinel"];
[value setThreatType:@"WatchList"];
[value setTlpLevel: [MSGraphTlpLevel green]];
[valueList addObject: value];
payloadDictionary[@"value"] = valueList;

NSData *data = [NSJSONSerialization dataWithJSONObject:payloadDictionary options:kNilOptions error:&error];
[urlRequest setHTTPBody:data];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

        //Request Completed

}];

[meDataTask execute];

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

LinkedList<TiIndicator> valueList = new LinkedList<TiIndicator>();
TiIndicator value = new TiIndicator();
LinkedList<String> activityGroupNamesList = new LinkedList<String>();
value.activityGroupNames = activityGroupNamesList;
value.confidence = 0;
value.description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.";
value.expirationDateTime = OffsetDateTimeSerializer.deserialize("2019-03-01T21:44:03.1668987+00:00");
value.externalId = "Test--8586509942423126760MS164-0";
value.fileHashType = FileHashType.SHA256;
value.fileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6";
LinkedList<String> killChainList = new LinkedList<String>();
value.killChain = killChainList;
LinkedList<String> malwareFamilyNamesList = new LinkedList<String>();
value.malwareFamilyNames = malwareFamilyNamesList;
value.severity = 0;
LinkedList<String> tagsList = new LinkedList<String>();
value.tags = tagsList;
value.targetProduct = "Azure Sentinel";
value.threatType = "WatchList";
value.tlpLevel = TlpLevel.GREEN;

valueList.add(value);
TiIndicator value1 = new TiIndicator();
LinkedList<String> activityGroupNamesList1 = new LinkedList<String>();
value1.activityGroupNames = activityGroupNamesList1;
value1.confidence = 0;
value1.description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.";
value1.expirationDateTime = OffsetDateTimeSerializer.deserialize("2019-03-01T21:44:03.1748779+00:00");
value1.externalId = "Test--8586509942423126760MS164-1";
value1.fileHashType = FileHashType.SHA256;
value1.fileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b";
LinkedList<String> killChainList1 = new LinkedList<String>();
value1.killChain = killChainList1;
LinkedList<String> malwareFamilyNamesList1 = new LinkedList<String>();
value1.malwareFamilyNames = malwareFamilyNamesList1;
value1.severity = 0;
LinkedList<String> tagsList1 = new LinkedList<String>();
value1.tags = tagsList1;
value1.targetProduct = "Azure Sentinel";
value1.threatType = "WatchList";
value1.tlpLevel = TlpLevel.GREEN;

valueList.add(value1);
TiIndicatorCollectionResponse tiIndicatorCollectionResponse = new TiIndicatorCollectionResponse();
tiIndicatorCollectionResponse.value = valueList;
TiIndicatorCollectionPage tiIndicatorCollectionPage = new TiIndicatorCollectionPage(tiIndicatorCollectionResponse, null);

graphClient.security().tiIndicators()
    .submitTiIndicators(TiIndicatorSubmitTiIndicatorsParameterSet
        .newBuilder()
        .withValue(valueList)
        .build())
    .buildRequest()
    .post();

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

result, err := graphClient.Security().TiIndicators().SubmitTiIndicators().Post(nil)

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

PowerShell

Import-Module Microsoft.Graph.Security

$params = @{
    Value = @(
        @{
            ActivityGroupNames = @(
            )
            Confidence = 0
            Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
            ExpirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1668987+00:00")
            ExternalId = "Test--8586509942423126760MS164-0"
            FileHashType = "sha256"
            FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
            KillChain = @(
            )
            MalwareFamilyNames = @(
            )
            Severity = 0
            Tags = @(
            )
            TargetProduct = "Azure Sentinel"
            ThreatType = "WatchList"
            TlpLevel = "green"
        }
        @{
            ActivityGroupNames = @(
            )
            Confidence = 0
            Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
            ExpirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1748779+00:00")
            ExternalId = "Test--8586509942423126760MS164-1"
            FileHashType = "sha256"
            FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
            KillChain = @(
            )
            MalwareFamilyNames = @(
            )
            Severity = 0
            Tags = @(
            )
            TargetProduct = "Azure Sentinel"
            ThreatType = "WatchList"
            TlpLevel = "green"
        }
    )
}

Submit-MgSecurityTiIndicator -BodyParameter $params

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息，请参阅 SDK 文档。

响应

下面展示了示例响应。

备注

为了提高可读性，可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
    {
      "@odata.type": "#microsoft.graph.tiIndicator",
      "id": "c6fb948b-89c5-3bba-a2cd-a9d9a1e430e4",
      "azureTenantId": "XXXXXXXXXXXXXXXXXXXXX",
      "action": null,
      "additionalInformation": null,
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a test indicator for demo purpose. Take no action on any observables set in this indicator.",
    }
  ]
}