Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module!
This module is a collection of easy-to-use cmdlets and functions intended to make it simple to interface with the Microsoft Defender Advanced Threat Protection API.
I created this PowerShell module for MDATP for the following reasons:
Requirements
Application Permissions
Below is an example of the App Permissions that you need to grant. I will provide more details shortly about the individual cmdlets and the permissions they require.
Getting Started
To get started with the module, open your PowerShell terminal and install the module from the PSGallery by running this simple command:
Install-Module PSMDATP -Scope CurrentUser
App Registration
Initial Configuration
Once you have installed the module and registered the App in AzureAD, you will find a file TEMPLATE_PoshMTPconfig.json in the Module folder. Rename this file to PoshMTPConfig.json and enter your API settings. Then copy the file to the root of the Module folder.
Example:
"C:\Users\User1\Documents\WindowsPowerShell\Modules\PSMDATP"
└───PSMDATP
    │   PoshMTPconfig.json
    │
    └───0..2
            PSMDATP.psd1
            PSMDATP.psm1
            TEMPLATE_PoshMTPconfig.json
At present the PSMDATP PowerShell module only requires the API_MDATP information.
{
    "API_MDATP": {
        "AppName": "WindowsDefenderATPPSMDATP",
        "OAuthUri": "https://login.windows.net//oauth2/token",
        "ClientID": "Client ID",
        "ClientSecret": ""
    },
    "API_MSGRAPH": {
        "AppName": "xMSGraph",
        "OAuthUri": "https://login.windows.net//oauth2/token",
        "ClientID": "",
        "ClientSecret": ""
    }
}
Important
I am going to assume that you are familiar with MDATP as such and understand the consequences of triggering actions on devices. Where applicable the cmdlets support the use of the -WhatIf parameter. Think before pressing the key!
Running your first commands
List included cmdlets
Let's first take a look at the cmdlets included in the PSMDATP Module
Get-Command -Module PSMDATP | Select-Object Name
You will see something like this
Add-MDATPDeviceTag
Add-MDATPIndicator
Get-MDATPAlert
Get-MDATPCollectionPackageUri
Get-MDATPDevice
Get-MDATPDeviceAction
Get-MDATPDeviceTag
Get-MDATPIndicator
Get-MDATPInvestigation
Get-MDATPQuery
Get-MDATPTvmRecommendation
Get-MDATPTvmVulnerability
Remove-MDATPDevice
Remove-MDATPDeviceTag
Remove-MDATPIndicator
Start-MDATPAppRestriction
Start-MDATPAVScan
Start-MDATPInvestigation
Start-MDATPInvestigationPackageCollection
Start-MDATPIsolation
Stop-MDATPAppRestriction
Stop-MDATPIsolation
For more details about the cmdlets included in this module, check out the cmdlets documentation page.
Retrieve MDATP Alerts
Run the following command to retrieve alerts from the past 30 days
Get-MDATPAlert -PastHours 720
List MDATP Devices
Run the following command to list all MDATP registered devices
Get-MDATPDevice -All
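The configuration file above and the two read-only commands from this section, tied together as an added example that is not part of the PSMDATP project. It assumes the config file sits at the module-root path shown in the Initial Configuration example (the $configPath value is an assumption; adjust it to your Modules folder) and that the JSON keys are exactly the ones in the template.

```powershell
# Added example (not PSMDATP's own code): sanity-check PoshMTPconfig.json before
# the module tries to use it, then run the two read-only queries from the README.

function Test-PoshMTPConfig {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Only API_MDATP is required by the module at present (see README); add
        # 'API_MSGRAPH' here once you fill in that section too.
        [string[]] $RequiredSections = @('API_MDATP')
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Config file not found: $Path" }
    $cfg = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    $problems = @()
    foreach ($section in $RequiredSections) {
        $s = $cfg.$section
        if ($null -eq $s) { $problems += "missing section '$section'"; continue }
        foreach ($key in 'AppName', 'OAuthUri', 'ClientID', 'ClientSecret') {
            if ([string]::IsNullOrWhiteSpace($s.$key)) { $problems += "$section.$key is empty" }
        }
        # The template's OAuthUri has an empty tenant segment ("...login.windows.net//oauth2/token");
        # a token request will fail until the app registration's tenant ID is inserted there.
        if ($s.OAuthUri -match '//oauth2/token$') { $problems += "$section.OAuthUri has no tenant ID" }
        # The template ships with the literal placeholder "Client ID".
        if ($s.ClientID -eq 'Client ID') { $problems += "$section.ClientID still holds the template placeholder" }
    }
    # The file holds a client secret in clear text: flag it if it is readable by everyone.
    $acl = Get-Acl -LiteralPath $Path
    if ($acl.Access | Where-Object { $_.IdentityReference -like '*\Everyone' -or $_.IdentityReference -like '*\Users' }) {
        $problems += "$Path is readable by Everyone/Users; restrict its ACL, it contains ClientSecret"
    }
    [pscustomobject]@{ Path = $Path; IsValid = ($problems.Count -eq 0); Problems = $problems }
}

# Assumed location, matching the README example tree.
$configPath = Join-Path $HOME 'Documents\WindowsPowerShell\Modules\PSMDATP\PoshMTPconfig.json'
$check = Test-PoshMTPConfig -Path $configPath
if (-not $check.IsValid) {
    $check.Problems | ForEach-Object { Write-Warning $_ }
    return
}

Import-Module PSMDATP
# Read-only calls documented above: alerts from the past 30 days, then every registered device.
$alerts  = Get-MDATPAlert -PastHours 720
$devices = Get-MDATPDevice -All
'{0} alerts in the past 30 days, {1} registered devices' -f @($alerts).Count, @($devices).Count
```

Neither call changes device state, so this is a safe first run; the cmdlets that do (isolation, AV scan, app restriction) are the ones to try with -WhatIf first, as the Important note says.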
Authors
Alex Verboon (Twitter)
Credits
I used Catesta for this project