MachineAction resource type
Applies to:
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use the API server closest to your geographic location:
- us.api.security.microsoft.com
- eu.api.security.microsoft.com
- uk.api.security.microsoft.com
- au.api.security.microsoft.com
- swa.api.security.microsoft.com
For more information, see Response Actions.
| Method | Return Type | Description |
|---|---|---|
| List MachineActions | Machine Action | List Machine Action entities. |
| Get MachineAction | Machine Action | Get a single Machine Action entity. |
| Collect investigation package | Machine Action | Collect investigation package from a machine. |
| Get investigation package SAS URI | Machine Action | Get URI for downloading the investigation package. |
| Isolate machine | Machine Action | Isolate machine from network. |
| Release machine from isolation | Machine Action | Release machine from isolation. |
| Restrict app execution | Machine Action | Restrict application execution. |
| Remove app restriction | Machine Action | Remove application execution restriction. |
| Run antivirus scan | Machine Action | Run an AV scan using Windows Defender (when applicable). |
| Offboard machine | Machine Action | Offboard machine from Microsoft Defender for Endpoint. |
| Stop and quarantine file | Machine Action | Stop execution of a file on a machine and delete it. |
| Run live response | Machine Action | Runs a sequence of live response commands on a device. |
| Get live response result | URL entity | Retrieves a specific live response command result download link by its index. |
| Cancel machine action | Machine Action | Cancel an active machine action. |
Properties
| Property | Type | Description |
|---|---|---|
| ID | Guid | Identity of the Machine Action entity. |
| type | Enum | Type of the action. Possible values are: RunAntiVirusScan, Offboard, LiveResponse, CollectInvestigationPackage, Isolate, Unisolate, StopAndQuarantineFile, RestrictCodeExecution, and UnrestrictCodeExecution. |
| scope | string | Scope of the action. Full or Selective for isolation; Quick or Full for antivirus scan. |
| requestor | String | Identity of the person that executed the action. |
| externalID | String | ID the customer can submit in the request for custom correlation. |
| requestSource | string | The name of the user/application that submitted the action. |
| commands | array | Commands to run. Allowed values are PutFile, RunScript, GetFile. |
| cancellationRequestor | String | Identity of the person that canceled the action. |
| requestorComment | String | Comment that was written when issuing the action. |
| cancellationComment | String | Comment that was written when canceling the action. |
| status | Enum | Current status of the command. Possible values are: Pending, InProgress, Succeeded, Failed, TimeOut, and Cancelled. |
| machineId | String | ID of the machine on which the action was executed. |
| computerDnsName | String | Name of the machine on which the action was executed. |
| creationDateTimeUtc | DateTimeOffset | The date and time when the action was created. |
| cancellationDateTimeUtc | DateTimeOffset | The date and time when the action was canceled. |
| lastUpdateDateTimeUtc | DateTimeOffset | The last date and time when the action status was updated. |
| title | String | Machine action title. |
| relatedFileInfo | Class | Contains two properties: string fileIdentifier, and Enum fileIdentifierType with the possible values Sha1, Sha256, and Md5. |
JSON representation
{
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
"type": "Isolate",
"scope": "Selective",
"requestor": "Analyst@TestPrd.onmicrosoft.com",
"requestorComment": "test for docs",
"status": "Succeeded",
"machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
"computerDnsName": "desktop-test",
"creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
"lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
"relatedFileInfo": null
}
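The properties table above defines two small state spaces (the action `type` and `status` enums, plus the `scope` values that are only meaningful for isolation and antivirus scans), and a response-action client normally has to poll a Machine Action until its `status` reaches a terminal value. The following Python script is an added example, not Microsoft's code: it validates a MachineAction document against the enums documented above, computes how long the action took from `creationDateTimeUtc` and `lastUpdateDateTimeUtc`, and polls an injected `fetch` callable until the status is terminal. The sample JSON is the one shown on this page; the `/api/machineactions/{id}` path in `machine_action_url` is an assumption (it is not documented on this page), and `make_sequence_fetch` is a constructed stand-in for a real HTTP call.

```python
"""Validate and poll Microsoft Defender for Endpoint MachineAction entities.

Added example (not Microsoft's code). Only the regional hosts, field names and
enum values listed in the MachineAction reference are used; the URL path and
the fetch callable are assumptions so the script runs offline.
"""
import json
from datetime import datetime, timezone
from typing import Callable, Dict, List

# Enum values from the properties table.
ACTION_TYPES = {"RunAntiVirusScan", "Offboard", "LiveResponse", "CollectInvestigationPackage",
                "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution",
                "UnrestrictCodeExecution"}
STATUSES = {"Pending", "InProgress", "Succeeded", "Failed", "TimeOut", "Cancelled"}
TERMINAL_STATUSES = {"Succeeded", "Failed", "TimeOut", "Cancelled"}
# 'scope' is documented only for isolation (Full/Selective) and AV scans (Quick/Full).
SCOPES_BY_TYPE = {"Isolate": {"Full", "Selective"}, "RunAntiVirusScan": {"Quick", "Full"}}
REGIONAL_HOSTS = {"us", "eu", "uk", "au", "swa"}

# The JSON representation from the page (constructed sample data, not a live action).
SAMPLE_ACTION = """{
  "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
  "type": "Isolate",
  "scope": "Selective",
  "requestor": "Analyst@TestPrd.onmicrosoft.com",
  "requestorComment": "test for docs",
  "status": "Succeeded",
  "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
  "computerDnsName": "desktop-test",
  "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
  "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
  "relatedFileInfo": null
}"""


def machine_action_url(region: str, action_id: str) -> str:
    """Build the Get MachineAction URL on a regional host (path is an assumption)."""
    if region not in REGIONAL_HOSTS:
        raise ValueError(f"unknown region {region!r}")
    return f"https://{region}.api.security.microsoft.com/api/machineactions/{action_id}"


def parse_utc(ts: str) -> datetime:
    """Parse the 7-digit-fraction timestamps the API returns (fromisoformat wants <= 6)."""
    if ts.endswith("Z"):
        ts = ts[:-1]
    head, _, frac = ts.partition(".")
    frac = (frac + "000000")[:6]  # truncate to microseconds
    return datetime.fromisoformat(f"{head}.{frac}").replace(tzinfo=timezone.utc)


def validate_machine_action(raw: str) -> Dict:
    """Parse a MachineAction JSON document and reject values outside the documented enums."""
    action = json.loads(raw)
    problems: List[str] = []
    if action.get("type") not in ACTION_TYPES:
        problems.append(f"unknown type {action.get('type')!r}")
    if action.get("status") not in STATUSES:
        problems.append(f"unknown status {action.get('status')!r}")
    allowed_scopes = SCOPES_BY_TYPE.get(action.get("type"))
    if allowed_scopes is not None and action.get("scope") not in allowed_scopes:
        problems.append(f"scope {action.get('scope')!r} not valid for {action['type']}")
    if problems:
        raise ValueError("; ".join(problems))
    return action


def action_duration_seconds(action: Dict) -> float:
    """Seconds between creation and the last status update."""
    created = parse_utc(action["creationDateTimeUtc"])
    updated = parse_utc(action["lastUpdateDateTimeUtc"])
    return (updated - created).total_seconds()


def poll_until_terminal(fetch: Callable[[str], Dict], action_id: str, max_polls: int = 10) -> Dict:
    """Call fetch(action_id) until the status is terminal; give up after max_polls."""
    for _ in range(max_polls):
        action = fetch(action_id)
        if action["status"] in TERMINAL_STATUSES:
            return action
    raise TimeoutError(f"action {action_id} not terminal after {max_polls} polls")


def make_sequence_fetch(statuses: List[str]) -> Callable[[str], Dict]:
    """Constructed stand-in for an HTTP GET: returns the sample action with successive statuses."""
    base = json.loads(SAMPLE_ACTION)
    calls = {"n": 0}

    def fetch(action_id: str) -> Dict:
        idx = min(calls["n"], len(statuses) - 1)  # keep returning the last status once exhausted
        calls["n"] += 1
        return dict(base, id=action_id, status=statuses[idx])

    return fetch


if __name__ == "__main__":
    action = validate_machine_action(SAMPLE_ACTION)
    print(machine_action_url("eu", action["id"]))
    print(f"{action['type']} ({action['scope']}) took {action_duration_seconds(action):.3f}s")
    final = poll_until_terminal(make_sequence_fetch(["Pending", "InProgress", "Succeeded"]), action["id"])
    print("final status:", final["status"])
```

In a real client the `fetch` argument would issue the authenticated GET and add a sleep between polls; keeping it injectable makes the terminal-status logic testable without network access, and the enum validation catches responses (or hand-edited fixtures) that drift from the documented property values.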