Créer un indicateur de renseignement sur les menaces

POST https://graph.microsoft.com/beta/security/tiIndicators
Content-type: application/json

{
  "action": "alert",
  "activityGroupNames": [],
  "confidence": 0,
  "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
  "expirationDateTime": "2019-03-01T21:43:37.5031462+00:00",
  "externalId": "Test--8586509942679764298MS501",
  "fileHashType": "sha256",
  "fileHashValue": "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313",
  "killChain": [],
  "malwareFamilyNames": [],
  "severity": 0,
  "tags": [],
  "targetProduct": "Azure Sentinel",
  "threatType": "WatchList",
  "tlpLevel": "green"
}

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new TiIndicator
{
	Action = TiAction.Alert,
	ActivityGroupNames = new List<string>
	{
	},
	Confidence = 0,
	Description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
	ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:43:37.5031462+00:00"),
	ExternalId = "Test--8586509942679764298MS501",
	FileHashType = FileHashType.Sha256,
	FileHashValue = "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313",
	KillChain = new List<string>
	{
	},
	MalwareFamilyNames = new List<string>
	{
	},
	Severity = 0,
	Tags = new List<string>
	{
	},
	TargetProduct = "Azure Sentinel",
	ThreatType = "WatchList",
	TlpLevel = TlpLevel.Green,
};

// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.TiIndicators.PostAsync(requestBody);

mgc-beta security ti-indicators create --body '{\
  "action": "alert",\
  "activityGroupNames": [],\
  "confidence": 0,\
  "description": "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",\
  "expirationDateTime": "2019-03-01T21:43:37.5031462+00:00",\
  "externalId": "Test--8586509942679764298MS501",\
  "fileHashType": "sha256",\
  "fileHashValue": "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313",\
  "killChain": [],\
  "malwareFamilyNames": [],\
  "severity": 0,\
  "tags": [],\
  "targetProduct": "Azure Sentinel",\
  "threatType": "WatchList",\
  "tlpLevel": "green"\
}\
'

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  "time"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewTiIndicator()
action := graphmodels.ALERT_TIACTION 
requestBody.SetAction(&action) 
activityGroupNames := []string {

}
requestBody.SetActivityGroupNames(activityGroupNames)
confidence := int32(0)
requestBody.SetConfidence(&confidence) 
description := "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
requestBody.SetDescription(&description) 
expirationDateTime , err := time.Parse(time.RFC3339, "2019-03-01T21:43:37.5031462+00:00")
requestBody.SetExpirationDateTime(&expirationDateTime) 
externalId := "Test--8586509942679764298MS501"
requestBody.SetExternalId(&externalId) 
fileHashType := graphmodels.SHA256_FILEHASHTYPE 
requestBody.SetFileHashType(&fileHashType) 
fileHashValue := "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313"
requestBody.SetFileHashValue(&fileHashValue) 
killChain := []string {

}
requestBody.SetKillChain(killChain)
malwareFamilyNames := []string {

}
requestBody.SetMalwareFamilyNames(malwareFamilyNames)
severity := int32(0)
requestBody.SetSeverity(&severity) 
tags := []string {

}
requestBody.SetTags(tags)
targetProduct := "Azure Sentinel"
requestBody.SetTargetProduct(&targetProduct) 
threatType := "WatchList"
requestBody.SetThreatType(&threatType) 
tlpLevel := graphmodels.GREEN_TLPLEVEL 
requestBody.SetTlpLevel(&tlpLevel) 

// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
tiIndicators, err := graphClient.Security().TiIndicators().Post(context.Background(), requestBody, nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

TiIndicator tiIndicator = new TiIndicator();
tiIndicator.setAction(TiAction.Alert);
LinkedList<String> activityGroupNames = new LinkedList<String>();
tiIndicator.setActivityGroupNames(activityGroupNames);
tiIndicator.setConfidence(0);
tiIndicator.setDescription("This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.");
OffsetDateTime expirationDateTime = OffsetDateTime.parse("2019-03-01T21:43:37.5031462+00:00");
tiIndicator.setExpirationDateTime(expirationDateTime);
tiIndicator.setExternalId("Test--8586509942679764298MS501");
tiIndicator.setFileHashType(FileHashType.Sha256);
tiIndicator.setFileHashValue("aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313");
LinkedList<String> killChain = new LinkedList<String>();
tiIndicator.setKillChain(killChain);
LinkedList<String> malwareFamilyNames = new LinkedList<String>();
tiIndicator.setMalwareFamilyNames(malwareFamilyNames);
tiIndicator.setSeverity(0);
LinkedList<String> tags = new LinkedList<String>();
tiIndicator.setTags(tags);
tiIndicator.setTargetProduct("Azure Sentinel");
tiIndicator.setThreatType("WatchList");
tiIndicator.setTlpLevel(TlpLevel.Green);
TiIndicator result = graphClient.security().tiIndicators().post(tiIndicator);

const options = {
	authProvider,
};

const client = Client.init(options);

const tiIndicator = {
  action: 'alert',
  activityGroupNames: [],
  confidence: 0,
  description: 'This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.',
  expirationDateTime: '2019-03-01T21:43:37.5031462+00:00',
  externalId: 'Test--8586509942679764298MS501',
  fileHashType: 'sha256',
  fileHashValue: 'aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313',
  killChain: [],
  malwareFamilyNames: [],
  severity: 0,
  tags: [],
  targetProduct: 'Azure Sentinel',
  threatType: 'WatchList',
  tlpLevel: 'green'
};

await client.api('/security/tiIndicators')
	.version('beta')
	.post(tiIndicator);

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\TiIndicator;
use Microsoft\Graph\Beta\Generated\Models\TiAction;
use Microsoft\Graph\Beta\Generated\Models\FileHashType;
use Microsoft\Graph\Beta\Generated\Models\TlpLevel;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new TiIndicator();
$requestBody->setAction(new TiAction('alert'));
$requestBody->setActivityGroupNames([	]);
$requestBody->setConfidence(0);
$requestBody->setDescription('This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.');
$requestBody->setExpirationDateTime(new \DateTime('2019-03-01T21:43:37.5031462+00:00'));
$requestBody->setExternalId('Test--8586509942679764298MS501');
$requestBody->setFileHashType(new FileHashType('sha256'));
$requestBody->setFileHashValue('aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313');
$requestBody->setKillChain([	]);
$requestBody->setMalwareFamilyNames([	]);
$requestBody->setSeverity(0);
$requestBody->setTags([	]);
$requestBody->setTargetProduct('Azure Sentinel');
$requestBody->setThreatType('WatchList');
$requestBody->setTlpLevel(new TlpLevel('green'));

$result = $graphServiceClient->security()->tiIndicators()->post($requestBody)->wait();

Import-Module Microsoft.Graph.Beta.Security

$params = @{
	action = "alert"
	activityGroupNames = @(
	)
	confidence = 0
	description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator."
	expirationDateTime = [System.DateTime]::Parse("2019-03-01T21:43:37.5031462+00:00")
	externalId = "Test--8586509942679764298MS501"
	fileHashType = "sha256"
	fileHashValue = "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313"
	killChain = @(
	)
	malwareFamilyNames = @(
	)
	severity = 0
	tags = @(
	)
	targetProduct = "Azure Sentinel"
	threatType = "WatchList"
	tlpLevel = "green"
}

New-MgBetaSecurityTiIndicator -BodyParameter $params

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.ti_indicator import TiIndicator
from msgraph_beta.generated.models.ti_action import TiAction
from msgraph_beta.generated.models.file_hash_type import FileHashType
from msgraph_beta.generated.models.tlp_level import TlpLevel
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TiIndicator(
	action = TiAction.Alert,
	activity_group_names = [
	],
	confidence = 0,
	description = "This is a canary indicator for demo purpose. Take no action on any observables set in this indicator.",
	expiration_date_time = "2019-03-01T21:43:37.5031462+00:00",
	external_id = "Test--8586509942679764298MS501",
	file_hash_type = FileHashType.Sha256,
	file_hash_value = "aa64428647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313",
	kill_chain = [
	],
	malware_family_names = [
	],
	severity = 0,
	tags = [
	],
	target_product = "Azure Sentinel",
	threat_type = "WatchList",
	tlp_level = TlpLevel.Green,
)

result = await graph_client.security.ti_indicators.post(request_body)