New-MgSecurityThreatIntelligenceHostPair
Create new navigation property to hostPairs for security
Note
To view the beta release of this cmdlet, view New-MgBetaSecurityThreatIntelligenceHostPair
Syntax
New-MgSecurityThreatIntelligenceHostPair
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-ChildHost <IMicrosoftGraphSecurityHost>]
[-FirstSeenDateTime <DateTime>]
[-Id <String>]
[-LastSeenDateTime <DateTime>]
[-LinkKind <String>]
[-ParentHost <IMicrosoftGraphSecurityHost>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgSecurityThreatIntelligenceHostPair
-BodyParameter <IMicrosoftGraphSecurityHostPair>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Create new navigation property to hostPairs for security
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
hostPair To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphSecurityHostPair |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ChildHost
host To construct, see NOTES section for CHILDHOST properties and create a hash table.
| Type: | IMicrosoftGraphSecurityHost |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FirstSeenDateTime
The date and time when Microsoft Defender Threat Intelligence first observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastSeenDateTime
The date and time when Microsoft Defender Threat Intelligence last observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LinkKind
The reason that two hosts are identified as hostPair.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ParentHost
host To construct, see NOTES section for PARENTHOST properties and create a hash table.
| Type: | IMicrosoftGraphSecurityHost |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityHostPair
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityHostPair
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphSecurityHostPair>: hostPair
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHost <IMicrosoftGraphSecurityHost>]: host[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a childHost.[Components <IMicrosoftGraphSecurityHostComponent-[]>]: The hostComponents that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server).[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: A name running on the artifact, for example, Microsoft IIS.[Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical.
[Cookies <IMicrosoftGraphSecurityHostCookie-[]>]: The hostCookies that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Domain <String>]: The URI for which the cookie is valid.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
[FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[HostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost.[LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost.[PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Passive DNS retrieval about this host.[Id <String>]: The unique identifier for an entity. Read-only.[Artifact <IMicrosoftGraphSecurityArtifact>]: artifact[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.
[CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHost <IMicrosoftGraphSecurityHost>]: host[RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
[PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Reverse passive DNS retrieval about this host.[Ports <IMicrosoftGraphSecurityHostPort-[]>]: The hostPorts associated with a host.[Id <String>]: The unique identifier for an entity. Read-only.[Banners <IMicrosoftGraphSecurityHostPortBanner-[]>]: The hostPortBanners retrieved from scanning the port.[Banner <String>]: The text response received from a web component when scanning a hostPort.[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[ScanProtocol <String>]: The specific protocol used to scan the hostPort.[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Fingerprint <String>]: A hash of the certificate calculated on the data and signature.[FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[(Any) <Object>]: This indicates any property can be added to this object.[City <String>]: The city.[CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'.[PostalCode <String>]: The postal code.[State <String>]: The state.[Street <String>]: The street.
[AlternateNames <String-[]>]: Alternate names for this entity that are part of the certificate.[CommonName <String>]: A common name for this entity.[Email <String>]: An email for this entity.[GivenName <String>]: If the entity is a person, this is the person's given name (first name).[OrganizationName <String>]: If the entity is an organization, this is the name of the organization.[OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity.[SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer.[Surname <String>]: If the entity is a person, this is the person's surname (last name).
[LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[RelatedHosts <IMicrosoftGraphSecurityHost-[]>]: The hosts related with this sslCertificate.[SerialNumber <String>]: The serial number associated with an SSL certificate.[Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature.[Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[Port <Int32?>]: The numerical identifier of the port which is standardized across the internet.[Protocol <String>]: hostPortProtocol[Services <IMicrosoftGraphSecurityHostPortComponent-[]>]: The hostPortComponents retrieved from scanning the port.[Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Status <String>]: hostPortStatus[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
[Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Classification <String>]: hostReputationClassification[Rules <IMicrosoftGraphSecurityHostReputationRule-[]>]: A collection of rules that have been used to calculate the classification and score.[Description <String>]: The description of the rule that gives more context.[Name <String>]: The name of the rule.[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious.
[SslCertificates <IMicrosoftGraphSecurityHostSslCertificate-[]>]: The hostSslCertificates that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Ports <IMicrosoftGraphSecurityHostSslCertificatePort-[]>]: The ports related with this hostSslCertificate.[FirstSeenDateTime <DateTime?>]: The first date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The most recent date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Port <Int32?>]: The port number.
[SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[Subdomains <IMicrosoftGraphSecuritySubdomain-[]>]: The subdomains that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host
[Trackers <IMicrosoftGraphSecurityHostTracker-[]>]: The hostTrackers that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash.[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Value <String>]: The identification value for the hostTracker.
[Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord[(Any) <Object>]: This indicates any property can be added to this object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[Email <String>]: The email of this WHOIS contact.[Fax <String>]: The fax of this WHOIS contact. No format is guaranteed.[Name <String>]: The name of this WHOIS contact.[Organization <String>]: The organization of this WHOIS contact.[Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed.
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.[History <IMicrosoftGraphSecurityWhoisHistoryRecord-[]>]: The collection of historical records associated to this WHOIS object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.
[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence last observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LinkKind <String>]: The reason that two hosts are identified as hostPair.[ParentHost <IMicrosoftGraphSecurityHost>]: host
CHILDHOST <IMicrosoftGraphSecurityHost>: host
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a childHost.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHost <IMicrosoftGraphSecurityHost>]: host[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence last observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LinkKind <String>]: The reason that two hosts are identified as hostPair.[ParentHost <IMicrosoftGraphSecurityHost>]: host
[Components <IMicrosoftGraphSecurityHostComponent-[]>]: The hostComponents that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server).[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: A name running on the artifact, for example, Microsoft IIS.[Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical.
[Cookies <IMicrosoftGraphSecurityHostCookie-[]>]: The hostCookies that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Domain <String>]: The URI for which the cookie is valid.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
[FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[HostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost.[LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost.[PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Passive DNS retrieval about this host.[Id <String>]: The unique identifier for an entity. Read-only.[Artifact <IMicrosoftGraphSecurityArtifact>]: artifact[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.
[CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHost <IMicrosoftGraphSecurityHost>]: host[RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
[PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Reverse passive DNS retrieval about this host.[Ports <IMicrosoftGraphSecurityHostPort-[]>]: The hostPorts associated with a host.[Id <String>]: The unique identifier for an entity. Read-only.[Banners <IMicrosoftGraphSecurityHostPortBanner-[]>]: The hostPortBanners retrieved from scanning the port.[Banner <String>]: The text response received from a web component when scanning a hostPort.[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[ScanProtocol <String>]: The specific protocol used to scan the hostPort.[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Fingerprint <String>]: A hash of the certificate calculated on the data and signature.[FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[(Any) <Object>]: This indicates any property can be added to this object.[City <String>]: The city.[CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'.[PostalCode <String>]: The postal code.[State <String>]: The state.[Street <String>]: The street.
[AlternateNames <String-[]>]: Alternate names for this entity that are part of the certificate.[CommonName <String>]: A common name for this entity.[Email <String>]: An email for this entity.[GivenName <String>]: If the entity is a person, this is the person's given name (first name).[OrganizationName <String>]: If the entity is an organization, this is the name of the organization.[OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity.[SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer.[Surname <String>]: If the entity is a person, this is the person's surname (last name).
[LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[RelatedHosts <IMicrosoftGraphSecurityHost-[]>]: The hosts related with this sslCertificate.[SerialNumber <String>]: The serial number associated with an SSL certificate.[Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature.[Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[Port <Int32?>]: The numerical identifier of the port which is standardized across the internet.[Protocol <String>]: hostPortProtocol[Services <IMicrosoftGraphSecurityHostPortComponent-[]>]: The hostPortComponents retrieved from scanning the port.[Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Status <String>]: hostPortStatus[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
[Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Classification <String>]: hostReputationClassification[Rules <IMicrosoftGraphSecurityHostReputationRule-[]>]: A collection of rules that have been used to calculate the classification and score.[Description <String>]: The description of the rule that gives more context.[Name <String>]: The name of the rule.[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious.
[SslCertificates <IMicrosoftGraphSecurityHostSslCertificate-[]>]: The hostSslCertificates that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Ports <IMicrosoftGraphSecurityHostSslCertificatePort-[]>]: The ports related with this hostSslCertificate.[FirstSeenDateTime <DateTime?>]: The first date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The most recent date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Port <Int32?>]: The port number.
[SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[Subdomains <IMicrosoftGraphSecuritySubdomain-[]>]: The subdomains that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host
[Trackers <IMicrosoftGraphSecurityHostTracker-[]>]: The hostTrackers that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash.[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Value <String>]: The identification value for the hostTracker.
[Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord[(Any) <Object>]: This indicates any property can be added to this object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[Email <String>]: The email of this WHOIS contact.[Fax <String>]: The fax of this WHOIS contact. No format is guaranteed.[Name <String>]: The name of this WHOIS contact.[Organization <String>]: The organization of this WHOIS contact.[Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed.
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.[History <IMicrosoftGraphSecurityWhoisHistoryRecord-[]>]: The collection of historical records associated to this WHOIS object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.
PARENTHOST <IMicrosoftGraphSecurityHost>: host
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a childHost.[Id <String>]: The unique identifier for an entity. Read-only.[ChildHost <IMicrosoftGraphSecurityHost>]: host[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence last observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LinkKind <String>]: The reason that two hosts are identified as hostPair.[ParentHost <IMicrosoftGraphSecurityHost>]: host
[Components <IMicrosoftGraphSecurityHostComponent-[]>]: The hostComponents that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server).[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when Microsoft Defender Threat Intelligence observed this web component. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: A name running on the artifact, for example, Microsoft IIS.[Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical.
[Cookies <IMicrosoftGraphSecurityHostCookie-[]>]: The hostCookies that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[Domain <String>]: The URI for which the cookie is valid.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
[FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[HostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost.[LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHostPairs <IMicrosoftGraphSecurityHostPair-[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost.[PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Passive DNS retrieval about this host.[Id <String>]: The unique identifier for an entity. Read-only.[Artifact <IMicrosoftGraphSecurityArtifact>]: artifact[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.
[CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[ParentHost <IMicrosoftGraphSecurityHost>]: host[RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
[PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord-[]>]: Reverse passive DNS retrieval about this host.[Ports <IMicrosoftGraphSecurityHostPort-[]>]: The hostPorts associated with a host.[Id <String>]: The unique identifier for an entity. Read-only.[Banners <IMicrosoftGraphSecurityHostPortBanner-[]>]: The hostPortBanners retrieved from scanning the port.[Banner <String>]: The text response received from a web component when scanning a hostPort.[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[ScanProtocol <String>]: The specific protocol used to scan the hostPort.[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Fingerprint <String>]: A hash of the certificate calculated on the data and signature.[FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[(Any) <Object>]: This indicates any property can be added to this object.[City <String>]: The city.[CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'.[PostalCode <String>]: The postal code.[State <String>]: The state.[Street <String>]: The street.
[AlternateNames <String-[]>]: Alternate names for this entity that are part of the certificate.[CommonName <String>]: A common name for this entity.[Email <String>]: An email for this entity.[GivenName <String>]: If the entity is a person, this is the person's given name (first name).[OrganizationName <String>]: If the entity is an organization, this is the name of the organization.[OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity.[SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer.[Surname <String>]: If the entity is a person, this is the person's surname (last name).
[LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[RelatedHosts <IMicrosoftGraphSecurityHost-[]>]: The hosts related with this sslCertificate.[SerialNumber <String>]: The serial number associated with an SSL certificate.[Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature.[Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[Port <Int32?>]: The numerical identifier of the port which is standardized across the internet.[Protocol <String>]: hostPortProtocol[Services <IMicrosoftGraphSecurityHostPortComponent-[]>]: The hostPortComponents retrieved from scanning the port.[Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history.[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Status <String>]: hostPortStatus[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
[Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Classification <String>]: hostReputationClassification[Rules <IMicrosoftGraphSecurityHostReputationRule-[]>]: A collection of rules that have been used to calculate the classification and score.[Description <String>]: The description of the rule that gives more context.[Name <String>]: The name of the rule.[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious.
[SslCertificates <IMicrosoftGraphSecurityHostSslCertificate-[]>]: The hostSslCertificates that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostSslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Ports <IMicrosoftGraphSecurityHostSslCertificatePort-[]>]: The ports related with this hostSslCertificate.[FirstSeenDateTime <DateTime?>]: The first date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastSeenDateTime <DateTime?>]: The most recent date and time when this port was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Port <Int32?>]: The port number.
[SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[Subdomains <IMicrosoftGraphSecuritySubdomain-[]>]: The subdomains that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The date and time when Microsoft Defender Threat Intelligence first observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host
[Trackers <IMicrosoftGraphSecurityHostTracker-[]>]: The hostTrackers that are associated with this host.[Id <String>]: The unique identifier for an entity. Read-only.[FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash.[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.[Value <String>]: The identification value for the hostTracker.
[Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord[(Any) <Object>]: This indicates any property can be added to this object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[(Any) <Object>]: This indicates any property can be added to this object.[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress[Email <String>]: The email of this WHOIS contact.[Fax <String>]: The fax of this WHOIS contact. No format is guaranteed.[Name <String>]: The name of this WHOIS contact.[Organization <String>]: The organization of this WHOIS contact.[Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed.
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.[History <IMicrosoftGraphSecurityWhoisHistoryRecord-[]>]: The collection of historical records associated to this WHOIS object.[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[DomainStatus <String>]: The domain status for this WHOIS object.[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Host <IMicrosoftGraphSecurityHost>]: host[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Nameservers <IMicrosoftGraphSecurityWhoisNameserver-[]>]: The nameservers for this WHOIS object.[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[WhoisServer <String>]: The WHOIS server that provides the details.[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact[Id <String>]: The unique identifier for an entity. Read-only.