MachineAction 资源类型MachineAction resource type

适用于:Applies to:

想要体验 Microsoft Defender for Endpoint?Want to experience Microsoft Defender for Endpoint? 注册免费试用版。Sign up for a free trial.

备注

如果你是美国政府客户,请使用 Microsoft Defender for Endpoint 中针对美国政府客户的 URI。If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

提示

为了提高性能,可以使用距离地理位置更近的服务器:For better performance, you can use server closer to your geo location:

  • api-us.securitycenter.microsoft.comapi-us.securitycenter.microsoft.com
  • api-eu.securitycenter.microsoft.comapi-eu.securitycenter.microsoft.com
  • api-uk.securitycenter.microsoft.comapi-uk.securitycenter.microsoft.com
方法Method 返回类型Return Type 说明Description
列出 MachineActionsList MachineActions 计算机操作Machine Action 列出 计算机操作 实体。List Machine Action entities.
获取 MachineActionGet MachineAction 计算机操作Machine Action 获取单个 Machine Action 实体。Get a single Machine Action entity.
收集调查包Collect investigation package 计算机操作Machine Action 从计算机收集调查 Collect investigation package from a machine.
获取调查包 SAS URIGet investigation package SAS URI 计算机操作Machine Action 获取用于下载调查包的 URI。Get URI for downloading the investigation package.
隔离计算机Isolate machine 计算机操作Machine Action 计算机 与网络隔离。Isolate machine from network.
解除计算机隔离Release machine from isolation 计算机操作Machine Action 解除 计算机 隔离。Release machine from Isolation.
限制应用执行Restrict app execution 计算机操作Machine Action 限制应用程序执行。Restrict application execution.
删除应用限制Remove app restriction 计算机操作Machine Action 删除应用程序执行限制。Remove application execution restriction.
运行防病毒扫描Run antivirus scan 计算机操作Machine Action 如果适用,请Windows Defender (AV) 。Run an AV scan using Windows Defender (when applicable).
载出计算机Offboard machine 计算机操作Machine Action 从 Microsoft Defender for Endpoint 载出计算机。Offboard machine from Microsoft Defender for Endpoint.
停止和隔离文件Stop and quarantine file 计算机操作Machine Action 停止执行计算机上的文件并将其删除。Stop execution of a file on a machine and delete it.

属性Properties

属性Property 类型Type 说明Description
IDID GuidGuid 计算机 操作实体的 标识。Identity of the Machine Action entity.
typetype 枚举Enum 操作的类型。Type of the action. 可能的值包括:"RunAntiVirusScan"、"Offboard"、"CollectInvestigationPackage"、"Isolate"、"Unisolate"、"StopAndQuarantineFile"、"RestrictCodeExecution"和"UnrestrictCodeExecution"Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
scopescope stringstring 操作的范围。Scope of the action. "完全"或"选择性"用于隔离,"快速"或"完全"用于防病毒扫描。"Full" or "Selective" for Isolation, "Quick" or "Full" for Anti-Virus scan.
requestorrequestor StringString 执行该操作的人的身份。Identity of the person that executed the action.
requestorCommentrequestorComment StringString 发出操作时写入的注释。Comment that was written when issuing the action.
状态status 枚举Enum 命令的当前状态。Current status of the command. 可能的值包括:"Pending"、"InProgress"、"Succeeded"、"Failed"、"TimeOut"和"Canceled"。Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Canceled".
machineIdmachineId StringString 执行 该操作的虚拟机的 ID。ID of the machine on which the action was executed.
machineIdmachineId StringString 执行 该操作计算机的名称。Name of the machine on which the action was executed.
creationDateTimeUtccreationDateTimeUtc DateTimeOffsetDateTimeOffset 创建该操作的日期和时间。The date and time when the action was created.
lastUpdateTimeUtclastUpdateTimeUtc DateTimeOffsetDateTimeOffset 上次更新操作状态的日期和时间。The last date and time when the action status was updated.
relatedFileInforelatedFileInfo Class 包含两个属性。Contains two Properties. string fileIdentifier fileIdentifierType ,Enum,可能的值:"Sha1"、"Sha256"和"Md5"。string fileIdentifier, Enum fileIdentifierType with the possible values: "Sha1", "Sha256" and "Md5".

Json 表示形式Json representation

{
        "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
        "type": "Isolate",
        "scope": "Selective",
        "requestor": "Analyst@TestPrd.onmicrosoft.com",
        "requestorComment": "test for docs",
        "status": "Succeeded",
        "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
        "computerDnsName": "desktop-test",
        "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
        "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
        "relatedFileInfo": null
}