diff --git a/defender-endpoint/api/get-domain-related-machines.md b/defender-endpoint/api/get-domain-related-machines.md index 9ad5b57a9f..8ac8bcd273 100644 --- a/defender-endpoint/api/get-domain-related-machines.md +++ b/defender-endpoint/api/get-domain-related-machines.md @@ -15,7 +15,7 @@ ms.topic: reference ms.subservice: reference ms.custom: api search.appverid: met150 -ms.date: 12/18/2020 +ms.date: 11/03/2024 --- # Get domain-related machines API @@ -38,27 +38,26 @@ ms.date: 12/18/2020 Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address. ## Limitations - -1. You can query on devices last updated according to your configured retention period. -2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. + +- You can query on devices last updated according to your configured retention period. +- Rate limitations for this API are 100 calls per minute and 1500 calls per hour. +- Responses are limited to 500 devices in results. ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) -Permission type|Permission|Permission display name -:---|:---|:--- -Application|Machine.Read.All|'Read all machine profiles' -Application|Machine.ReadWrite.All|'Read and write all machine information' -Delegated (work or school account)|Machine.Read|'Read machine information' -Delegated (work or school account)|Machine.ReadWrite|'Read and write machine information' +|Permission type|Permission|Permission display name| +|:---|:---|:---| +|Application|`Machine.Read.All`|`Read all machine profiles`| +|Application|`Machine.ReadWrite.All`|`Read and write all machine information`| +|Delegated (work or school account)|`Machine.Read`|`Read machine information`| +|Delegated (work or school account)|`Machine.ReadWrite`|`Read and write machine information`| > [!NOTE] > When obtaining a token using user credentials: -> -> - The user needs to have at least the following role permission: 'View Data' (For more information, see [Create and manage roles](../user-roles.md) -> - Response will include only devices that the user can access, based on device group settings (For more information, see [Create and manage device groups](../machine-groups.md) -> +> - The user must have at least the following role permission: `View Data`. For more information, see [Create and manage roles](../user-roles.md). +> - Responses include only devices that the user can access, based on device group settings. For more information, see [Create and manage device groups](../machine-groups.md). > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request @@ -69,9 +68,9 @@ GET /api/domains/{domain}/machines ## Request headers -Name|Type|Description -:---|:---|:--- -Authorization|String|Bearer {token}. **Required**. +|Name|Type|Description| +|:---|:---|:---| +|Authorization|String|`Bearer {token}`.
**Required**.| ## Request body @@ -79,7 +78,11 @@ Empty ## Response -If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain doesn't exist - 200 OK with an empty set. +If successful, and the domain exists: +- 200 OK with list of [machine](machine.md) entities + +If domain doesn't exist: +- 200 OK with an empty set ## Example @@ -90,4 +93,5 @@ Here's an example of the request. ```http GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines ``` + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)] diff --git a/defender-xdr/supported-event-types.md b/defender-xdr/supported-event-types.md index c0b8157530..640cea0f0f 100644 --- a/defender-xdr/supported-event-types.md +++ b/defender-xdr/supported-event-types.md @@ -43,6 +43,9 @@ The following table only includes the list of the tables supported in the stream |----|----|----|----|----| | **[AlertEvidence](advanced-hunting-alertevidence-table.md)** | GA | GA | GA | GA | | **[AlertInfo](advanced-hunting-alertinfo-table.md)** | GA | GA | GA | GA | +| **[BehaviorEntities](advanced-hunting-behaviorentities-table.md)**|Public preview |Not available |Not available |Not available | +| **[BehaviorInfo](advanced-hunting-behaviorinfo-table.md)**|Public preview |Not available |Not available |Not available | +| **[CloudAppEvents](advanced-hunting-cloudappevents-table.md)**|GA |GA |GA |GA | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** |GA | GA | GA | GA | | **[DeviceFileCertificateInfo](advanced-hunting-DeviceFileCertificateInfo-table.md)** |GA | GA | GA | GA | | **[DeviceFileEvents](advanced-hunting-devicefileevents-table.md)** | GA | GA | GA | GA | @@ -60,7 +63,6 @@ The following table only includes the list of the tables supported in the stream | **[IdentityLogonEvents](advanced-hunting-identitylogonevents-table.md)**|GA |GA |GA |GA | | **[IdentityQueryEvents](advanced-hunting-identityqueryevents-table.md)**|GA |GA |GA |GA | | **[IdentityDirectoryEvents](advanced-hunting-identitydirectoryevents-table.md)**|GA |GA |GA |GA | -| **[CloudAppEvents](advanced-hunting-cloudappevents-table.md)**|GA |GA |GA |GA | | **[UrlClickEvents](advanced-hunting-urlclickevents-table.md)**|Public preview |Not available |Not available |Not available | ## Related topics