Get alert related IPs information API

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Note

If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

Tip

For better performance, you can use the server closer to your geo location:

  • api-us.securitycenter.microsoft.com
  • api-eu.securitycenter.microsoft.com
  • api-uk.securitycenter.microsoft.com

API description

Retrieves all IPs related to a specific alert.

Limitations

  1. You can query on alerts last updated according to your configured retention period.
  2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs.

Permission type | Permission | Permission display name
Application | Ip.Read.All | 'Read IP address profiles'
Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles'

Note

When obtaining a token using user credentials:

  • The user needs to have at least the following role permission: 'View Data' (See Create and manage roles for more information)
  • The user needs to have access to the device associated with the alert, based on device group settings (See Create and manage device groups for more information)

HTTP request

GET /api/alerts/{id}/ips

Request headers

Name | Type | Description
Authorization | String | Bearer {token}. Required.

Request body

Empty

Response

If successful and the alert and an IP exist - 200 OK. If the alert is not found - 404 Not Found.

Example

Request

Here is an example of the request.

GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/ips

Response

Here is an example of the response.

{
    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",
    "value": [
        {
            "id": "104.80.104.128"
        },
        {
            "id": "23.203.232.228"
        }
        ...
    ]
}
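
An added example, not part of the original page and not Microsoft's code: a small Python client for this endpoint that sends the Bearer token, URL-encodes the alert ID, stays inside the documented rate limits, and validates every returned value as an IP address before it is used elsewhere. `AlertIpClient`, `http_get` and the injectable `fetch`, `clock` and `sleep` parameters are hypothetical names, and the token is assumed to have been obtained separately.

```python
import ipaddress
import json
import time
from collections import deque
from urllib import error, parse, request

HOST = "https://api.securitycenter.microsoft.com"  # or a regional host listed on this page
LIMITS = ((60, 100), (3600, 1500))  # (window in seconds, max calls), from "Limitations"

def http_get(url, headers):
    """Default transport: return (status, body text) without raising on HTTP errors."""
    req = request.Request(url, headers=headers)
    try:
        with request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

class AlertIpClient:
    """Hypothetical helper for GET /api/alerts/{id}/ips."""

    def __init__(self, token, fetch=http_get, clock=time.monotonic, sleep=time.sleep):
        self.token, self.fetch, self.clock, self.sleep = token, fetch, clock, sleep
        self.calls = deque()  # timestamps of calls made during the last hour

    def _throttle(self):
        """Block until one more call fits inside both documented rate limits."""
        while True:
            now = self.clock()
            self.calls = deque(t for t in self.calls if now - t < 3600)
            waits = []
            for window, limit in LIMITS:
                recent = [t for t in self.calls if now - t < window]
                if len(recent) >= limit:
                    waits.append(recent[-limit] + window - now)
            if not waits:
                self.calls.append(now)
                return
            self.sleep(max(waits))

    def get_ips(self, alert_id):
        """Return validated IP strings, or None when the API answers 404 Not Found."""
        self._throttle()
        # Encode the ID so a value containing "/" or "?" cannot change the request path.
        url = f"{HOST}/api/alerts/{parse.quote(alert_id, safe='')}/ips"
        status, body = self.fetch(url, {"Authorization": f"Bearer {self.token}"})
        if status == 404:
            return None
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        # ip_address() raises ValueError for anything that is not an IPv4/IPv6 literal.
        return [str(ipaddress.ip_address(i["id"].strip())) for i in json.loads(body).get("value", [])]
```
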