tiIndicator：submitTiIndicators

项目
10/30/2023

命名空间：microsoft.graph

重要

Microsoft Graph /beta 版本下的 API 可能会发生更改。不支持在生产应用程序中使用这些 API。若要确定 API 是否在 v1.0 中可用，请使用版本选择器。

在一个请求中上传多个威胁情报 (TI) 指示器，而不是多个请求。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	❌	❌	❌

权限

为此 API 选择标记为最低特权的权限。只有在应用需要它时，才使用更高的特权权限。有关委派权限和应用程序权限的详细信息，请参阅权限类型。要了解有关这些权限的详细信息，请参阅权限参考。

权限类型	最低特权权限	更高特权权限
委派（工作或学校帐户）	ThreatIndicators.ReadWrite.OwnedBy	不可用。
委派（个人 Microsoft 帐户）	不支持。	不支持。
应用程序	ThreatIndicators.ReadWrite.OwnedBy	不可用。

HTTP 请求

POST /security/tiIndicators/submitTiIndicators

请求标头

名称	说明
Authorization	Bearer {code}

请求正文

在请求正文中，提供具有以下参数的 JSON 对象。

参数	类型	说明
值	tiIndicator 集合	要创建的 tiIndicator 的 JSON 集合。

对于每个 tiIndicator，请提供包含至少一个电子邮件、文件或网络可观测的 tiIndicator 对象的 JSON 表示形式，以及以下必填字段：action、、description、expirationDateTime、targetProductthreatType、。 tlpLevel

响应

如果成功，此方法在响应正文中返回响应 200 OK 代码和 tiIndicator 对象的集合。如果出现错误，此方法将 206 Partial Content 返回响应代码。有关详细信息，请参阅错误。

示例

以下示例演示如何调用此 API。

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/security/tiIndicators/submitTiIndicators
Content-Type: application/json

{
  "value": [
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",
      "externalId": "Test--8586509942423126760MS164-0",
      "fileHashType": "sha256",
      "fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    },
    {
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
      "expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",
      "externalId": "Test--8586509942423126760MS164-1",
      "fileHashType": "sha256",
      "fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
      "killChain": [],
      "malwareFamilyNames": [],
      "severity": 0,
      "tags": [],
      "targetProduct": "Azure Sentinel",
      "threatType": "WatchList",
      "tlpLevel": "green",
    }
  ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Security.TiIndicators.SubmitTiIndicators;
using Microsoft.Graph.Beta.Models;

var requestBody = new SubmitTiIndicatorsPostRequestBody
{
	Value = new List<TiIndicator>
	{
		new TiIndicator
		{
			ActivityGroupNames = new List<string>
			{
			},
			Confidence = 0,
			Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
			ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
			ExternalId = "Test--8586509942423126760MS164-0",
			FileHashType = FileHashType.Sha256,
			FileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
			KillChain = new List<string>
			{
			},
			MalwareFamilyNames = new List<string>
			{
			},
			Severity = 0,
			Tags = new List<string>
			{
			},
			TargetProduct = "Azure Sentinel",
			ThreatType = "WatchList",
			TlpLevel = TlpLevel.Green,
		},
		new TiIndicator
		{
			ActivityGroupNames = new List<string>
			{
			},
			Confidence = 0,
			Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
			ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
			ExternalId = "Test--8586509942423126760MS164-1",
			FileHashType = FileHashType.Sha256,
			FileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
			KillChain = new List<string>
			{
			},
			MalwareFamilyNames = new List<string>
			{
			},
			Severity = 0,
			Tags = new List<string>
			{
			},
			TargetProduct = "Azure Sentinel",
			ThreatType = "WatchList",
			TlpLevel = TlpLevel.Green,
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.TiIndicators.SubmitTiIndicators.PostAsSubmitTiIndicatorsPostResponseAsync(requestBody);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta security ti-indicators submit-ti-indicators post --body '{\
  "value": [\
    {\
      "activityGroupNames": [],\
      "confidence": 0,\
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",\
      "expirationDateTime": "2019-03-01T21:44:03.1668987+00:00",\
      "externalId": "Test--8586509942423126760MS164-0",\
      "fileHashType": "sha256",\
      "fileHashValue": "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",\
      "killChain": [],\
      "malwareFamilyNames": [],\
      "severity": 0,\
      "tags": [],\
      "targetProduct": "Azure Sentinel",\
      "threatType": "WatchList",\
      "tlpLevel": "green",\
    },\
    {\
      "activityGroupNames": [],\
      "confidence": 0,\
      "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",\
      "expirationDateTime": "2019-03-01T21:44:03.1748779+00:00",\
      "externalId": "Test--8586509942423126760MS164-1",\
      "fileHashType": "sha256",\
      "fileHashValue": "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",\
      "killChain": [],\
      "malwareFamilyNames": [],\
      "severity": 0,\
      "tags": [],\
      "targetProduct": "Azure Sentinel",\
      "threatType": "WatchList",\
      "tlpLevel": "green",\
    }\
  ]\
}\
'

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphsecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/security"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphsecurity.NewSubmitTiIndicatorsPostRequestBody()


tiIndicator := graphmodels.NewTiIndicator()
activityGroupNames := []string {

}
tiIndicator.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator.SetConfidence(&confidence) 
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator.SetDescription(&description) 
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1668987+00:00")
tiIndicator.SetExpirationDateTime(&expirationDateTime) 
externalId := "Test--8586509942423126760MS164-0"
tiIndicator.SetExternalId(&externalId) 
fileHashType := graphmodels.SHA256_FILEHASHTYPE 
tiIndicator.SetFileHashType(&fileHashType) 
fileHashValue := "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
tiIndicator.SetFileHashValue(&fileHashValue) 
killChain := []string {

}
tiIndicator.SetKillChain(killChain)
malwareFamilyNames := []string {

}
tiIndicator.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator.SetSeverity(&severity) 
tags := []string {

}
tiIndicator.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator.SetTargetProduct(&targetProduct) 
threatType := "WatchList"
tiIndicator.SetThreatType(&threatType) 
tlpLevel := graphmodels.GREEN_TLPLEVEL 
tiIndicator.SetTlpLevel(&tlpLevel) 
tiIndicator1 := graphmodels.NewTiIndicator()
activityGroupNames := []string {

}
tiIndicator1.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
tiIndicator1.SetConfidence(&confidence) 
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
tiIndicator1.SetDescription(&description) 
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:44:03.1748779+00:00")
tiIndicator1.SetExpirationDateTime(&expirationDateTime) 
externalId := "Test--8586509942423126760MS164-1"
tiIndicator1.SetExternalId(&externalId) 
fileHashType := graphmodels.SHA256_FILEHASHTYPE 
tiIndicator1.SetFileHashType(&fileHashType) 
fileHashValue := "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
tiIndicator1.SetFileHashValue(&fileHashValue) 
killChain := []string {

}
tiIndicator1.SetKillChain(killChain)
malwareFamilyNames := []string {

}
tiIndicator1.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
tiIndicator1.SetSeverity(&severity) 
tags := []string {

}
tiIndicator1.SetTags(tags)
targetProduct := "Azure Sentinel"
tiIndicator1.SetTargetProduct(&targetProduct) 
threatType := "WatchList"
tiIndicator1.SetThreatType(&threatType) 
tlpLevel := graphmodels.GREEN_TLPLEVEL 
tiIndicator1.SetTlpLevel(&tlpLevel) 

value := []graphmodels.TiIndicatorable {
	tiIndicator,
	tiIndicator1,
}
requestBody.SetValue(value)

submitTiIndicators, err := graphClient.Security().TiIndicators().SubmitTiIndicators().PostAsSubmitTiIndicatorsPostResponse(context.Background(), requestBody, nil)

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody submitTiIndicatorsPostRequestBody = new com.microsoft.graph.beta.security.tiindicators.submittiindicators.SubmitTiIndicatorsPostRequestBody();
LinkedList<TiIndicator> value = new LinkedList<TiIndicator>();
TiIndicator tiIndicator = new TiIndicator();
LinkedList<String> activityGroupNames = new LinkedList<String>();
tiIndicator.setActivityGroupNames(activityGroupNames);
tiIndicator.setConfidence(0);
tiIndicator.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime = OffsetDateTime.parse("2019-03-01T21:44:03.1668987+00:00");
tiIndicator.setExpirationDateTime(expirationDateTime);
tiIndicator.setExternalId("Test--8586509942423126760MS164-0");
tiIndicator.setFileHashType(FileHashType.Sha256);
tiIndicator.setFileHashValue("b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6");
LinkedList<String> killChain = new LinkedList<String>();
tiIndicator.setKillChain(killChain);
LinkedList<String> malwareFamilyNames = new LinkedList<String>();
tiIndicator.setMalwareFamilyNames(malwareFamilyNames);
tiIndicator.setSeverity(0);
LinkedList<String> tags = new LinkedList<String>();
tiIndicator.setTags(tags);
tiIndicator.setTargetProduct("Azure Sentinel");
tiIndicator.setThreatType("WatchList");
tiIndicator.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator);
TiIndicator tiIndicator1 = new TiIndicator();
LinkedList<String> activityGroupNames1 = new LinkedList<String>();
tiIndicator1.setActivityGroupNames(activityGroupNames1);
tiIndicator1.setConfidence(0);
tiIndicator1.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime1 = OffsetDateTime.parse("2019-03-01T21:44:03.1748779+00:00");
tiIndicator1.setExpirationDateTime(expirationDateTime1);
tiIndicator1.setExternalId("Test--8586509942423126760MS164-1");
tiIndicator1.setFileHashType(FileHashType.Sha256);
tiIndicator1.setFileHashValue("1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b");
LinkedList<String> killChain1 = new LinkedList<String>();
tiIndicator1.setKillChain(killChain1);
LinkedList<String> malwareFamilyNames1 = new LinkedList<String>();
tiIndicator1.setMalwareFamilyNames(malwareFamilyNames1);
tiIndicator1.setSeverity(0);
LinkedList<String> tags1 = new LinkedList<String>();
tiIndicator1.setTags(tags1);
tiIndicator1.setTargetProduct("Azure Sentinel");
tiIndicator1.setThreatType("WatchList");
tiIndicator1.setTlpLevel(TlpLevel.Green);
value.add(tiIndicator1);
submitTiIndicatorsPostRequestBody.setValue(value);
var result = graphClient.security().tiIndicators().submitTiIndicators().post(submitTiIndicatorsPostRequestBody);

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


const options = {
	authProvider,
};

const client = Client.init(options);

const tiIndicator = {
  value: [
    {
      activityGroupNames: [],
      confidence: 0,
      description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
      expirationDateTime: '2019-03-01T21:44:03.1668987+00:00',
      externalId: 'Test--8586509942423126760MS164-0',
      fileHashType: 'sha256',
      fileHashValue: 'b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6',
      killChain: [],
      malwareFamilyNames: [],
      severity: 0,
      tags: [],
      targetProduct: 'Azure Sentinel',
      threatType: 'WatchList',
      tlpLevel: 'green',
    },
    {
      activityGroupNames: [],
      confidence: 0,
      description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
      expirationDateTime: '2019-03-01T21:44:03.1748779+00:00',
      externalId: 'Test--8586509942423126760MS164-1',
      fileHashType: 'sha256',
      fileHashValue: '1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b',
      killChain: [],
      malwareFamilyNames: [],
      severity: 0,
      tags: [],
      targetProduct: 'Azure Sentinel',
      threatType: 'WatchList',
      tlpLevel: 'green',
    }
  ]
};

await client.api('/security/tiIndicators/submitTiIndicators')
	.version('beta')
	.post(tiIndicator);

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\SubmitTiIndicatorsPostRequestBody;
use Microsoft\Graph\Generated\Models\TiIndicator;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new SubmitTiIndicatorsPostRequestBody();
$valueTiIndicator1 = new TiIndicator();
$valueTiIndicator1->setActivityGroupNames([	]);
$valueTiIndicator1->setConfidence(0);
$valueTiIndicator1->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator1->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1668987+00:00'));
$valueTiIndicator1->setExternalId('Test--8586509942423126760MS164-0');
$valueTiIndicator1->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator1->setFileHashValue('b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6');
$valueTiIndicator1->setKillChain([	]);
$valueTiIndicator1->setMalwareFamilyNames([	]);
$valueTiIndicator1->setSeverity(0);
$valueTiIndicator1->setTags([	]);
$valueTiIndicator1->setTargetProduct('Azure Sentinel');
$valueTiIndicator1->setThreatType('WatchList');
$valueTiIndicator1->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator1;
$valueTiIndicator2 = new TiIndicator();
$valueTiIndicator2->setActivityGroupNames([	]);
$valueTiIndicator2->setConfidence(0);
$valueTiIndicator2->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$valueTiIndicator2->setExpirationDateTime(new \DateTime('2019-03-01T21:44:03.1748779+00:00'));
$valueTiIndicator2->setExternalId('Test--8586509942423126760MS164-1');
$valueTiIndicator2->setFileHashType(new FileHashType('sha256'));
$valueTiIndicator2->setFileHashValue('1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b');
$valueTiIndicator2->setKillChain([	]);
$valueTiIndicator2->setMalwareFamilyNames([	]);
$valueTiIndicator2->setSeverity(0);
$valueTiIndicator2->setTags([	]);
$valueTiIndicator2->setTargetProduct('Azure Sentinel');
$valueTiIndicator2->setThreatType('WatchList');
$valueTiIndicator2->setTlpLevel(new TlpLevel('green'));
$valueArray []= $valueTiIndicator2;
$requestBody->setValue($valueArray);


$result = $graphServiceClient->security()->tiIndicators()->submitTiIndicators()->post($requestBody)->wait();

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


Import-Module Microsoft.Graph.Beta.Security

$params = @{
	value = @(
		@{
			activityGroupNames = @(
			)
			confidence = 0
			description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
			expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1668987+00:00")
			externalId = "Test--8586509942423126760MS164-0"
			fileHashType = "sha256"
			fileHashValue = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6"
			killChain = @(
			)
			malwareFamilyNames = @(
			)
			severity = 0
			tags = @(
			)
			targetProduct = "Azure Sentinel"
			threatType = "WatchList"
			tlpLevel = "green"
		}
		@{
			activityGroupNames = @(
			)
			confidence = 0
			description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
			expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:44:03.1748779+00:00")
			externalId = "Test--8586509942423126760MS164-1"
			fileHashType = "sha256"
			fileHashValue = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b"
			killChain = @(
			)
			malwareFamilyNames = @(
			)
			severity = 0
			tags = @(
			)
			targetProduct = "Azure Sentinel"
			threatType = "WatchList"
			tlpLevel = "green"
		}
	)
}

Submit-MgBetaSecurityTiIndicator -BodyParameter $params

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


from msgraph import GraphServiceClient
from msgraph.generated.security.tiindicators.submit_ti_indicators.submit_ti_indicators_post_request_body import SubmitTiIndicatorsPostRequestBody
from msgraph.generated.models.ti_indicator import TiIndicator

graph_client = GraphServiceClient(credentials, scopes)

request_body = SubmitTiIndicatorsPostRequestBody(
	value = [
		TiIndicator(
			activity_group_names = [
			],
			confidence = 0,
			description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
			expiration_date_time = "2019-03-01T21:44:03.1668987+00:00",
			external_id = "Test--8586509942423126760MS164-0",
			file_hash_type = FileHashType.Sha256,
			file_hash_value = "b555c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
			kill_chain = [
			],
			malware_family_names = [
			],
			severity = 0,
			tags = [
			],
			target_product = "Azure Sentinel",
			threat_type = "WatchList",
			tlp_level = TlpLevel.Green,
		),
		TiIndicator(
			activity_group_names = [
			],
			confidence = 0,
			description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
			expiration_date_time = "2019-03-01T21:44:03.1748779+00:00",
			external_id = "Test--8586509942423126760MS164-1",
			file_hash_type = FileHashType.Sha256,
			file_hash_value = "1796b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
			kill_chain = [
			],
			malware_family_names = [
			],
			severity = 0,
			tags = [
			],
			target_product = "Azure Sentinel",
			threat_type = "WatchList",
			tlp_level = TlpLevel.Green,
		),
	],
)

result = await graph_client.security.ti_indicators.submit_ti_indicators.post(request_body)

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

以下示例显示了相应的响应。

注意

为了提高可读性，可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
    {
      "@odata.type": "#microsoft.graph.tiIndicator",
      "id": "c6fb948b-89c5-3bba-a2cd-a9d9a1e430e4",
      "azureTenantId": "XXXXXXXXXXXXXXXXXXXXX",
      "action": null,
      "additionalInformation": null,
      "activityGroupNames": [],
      "confidence": 0,
      "description": "This is a test indicator for demo purpose. Take no action on any observables set in this indicator.",
    }
  ]
}

tiIndicator：submitTiIndicators

权限

HTTP 请求

请求标头

请求正文

响应

示例

请求

响应

反馈

反馈

其他资源