New-MgBetaSecurityThreatIntelligenceHost
Create new navigation property to hosts for security
Note
To view the v1.0 release of this cmdlet, view New-MgSecurityThreatIntelligenceHost
Syntax
CreateExpanded (Default)
New-MgBetaSecurityThreatIntelligenceHost
[-ResponseHeadersVariable <string>]
[-AdditionalProperties <hashtable>]
[-ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]
[-Components <IMicrosoftGraphSecurityHostComponent[]>]
[-Cookies <IMicrosoftGraphSecurityHostCookie[]>]
[-FirstSeenDateTime <datetime>]
[-HostPairs <IMicrosoftGraphSecurityHostPair[]>]
[-Id <string>]
[-LastSeenDateTime <datetime>]
[-ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]
[-PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]
[-PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]
[-Ports <IMicrosoftGraphSecurityHostPort[]>]
[-Reputation <IMicrosoftGraphSecurityHostReputation>]
[-SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]
[-Subdomains <IMicrosoftGraphSecuritySubdomain[]>]
[-Trackers <IMicrosoftGraphSecurityHostTracker[]>]
[-Whois <IMicrosoftGraphSecurityWhoisRecord>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Create
New-MgBetaSecurityThreatIntelligenceHost
-BodyParameter <IMicrosoftGraphSecurityHost>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-BodyParameter
host To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHost |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
Create
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ChildHostPairs
The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. To construct, see NOTES section for CHILDHOSTPAIRS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostPair[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Components
The hostComponents that are associated with this host. To construct, see NOTES section for COMPONENTS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostComponent[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Cookies
The hostCookies that are associated with this host. To construct, see NOTES section for COOKIES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostCookie[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-FirstSeenDateTime
The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HostPairs
The hostPairs that are associated with this host, where this host is either the parentHost or childHost. To construct, see NOTES section for HOSTPAIRS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostPair[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Id
The unique identifier for an entity. Read-only.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-LastSeenDateTime
The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ParentHostPairs
The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. To construct, see NOTES section for PARENTHOSTPAIRS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostPair[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PassiveDns
Passive DNS retrieval about this host. To construct, see NOTES section for PASSIVEDNS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityPassiveDnsRecord[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PassiveDnsReverse
Reverse passive DNS retrieval about this host. To construct, see NOTES section for PASSIVEDNSREVERSE properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityPassiveDnsRecord[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Ports
The hostPorts associated with a host. To construct, see NOTES section for PORTS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostPort[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Reputation
hostReputation To construct, see NOTES section for REPUTATION properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostReputation |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SslCertificates
The hostSslCertificates that are associated with this host. To construct, see NOTES section for SSLCERTIFICATES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostSslCertificate[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Subdomains
The subdomains that are associated with this host. To construct, see NOTES section for SUBDOMAINS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecuritySubdomain[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Trackers
The hostTrackers that are associated with this host. To construct, see NOTES section for TRACKERS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHostTracker[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Whois
whoisRecord To construct, see NOTES section for WHOIS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityWhoisRecord |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CreateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHost
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityHost
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphSecurityHost>: host
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ChildHost <IMicrosoftGraphSecurityHost>]: host
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LinkKind <String>]: The reason that two hosts are identified as hostPair.
[ParentHost <IMicrosoftGraphSecurityHost>]: host
[Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server).
[FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Name <String>]: A name running on the artifact, for example, Microsoft IIS.
[Version <String>]: The component version running on the artifact, for example, v8.5.
This shouldn't be assumed to be strictly numerical.
[Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Domain <String>]: The URI for which the cookie is valid.
[FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
[FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost.
[LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost.
[PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Artifact <IMicrosoftGraphSecurityArtifact>]: artifact
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[ParentHost <IMicrosoftGraphSecurityHost>]: host
[RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
[PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host.
[Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port.
[Banner <String>]: The text response received from a web component when scanning a hostPort.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[ScanProtocol <String>]: The specific protocol used to scan the hostPort.
[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ExpirationDateTime <DateTime?>]: The date and time when a certificate expires.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Fingerprint <String>]: A hash of the certificate calculated on the data and signature.
[FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[IssueDateTime <DateTime?>]: The date and time when a certificate was issued.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[(Any) <Object>]: This indicates any property can be added to this object.
[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress
[(Any) <Object>]: This indicates any property can be added to this object.
[City <String>]: The city.
[CountryOrRegion <String>]: The country or region.
It's a free-format string value, for example, 'United States'.
[PostOfficeBox <String>]: The post office box number.
[PostalCode <String>]: The postal code.
[State <String>]: The state.
[Street <String>]: The street.
[Type <String>]: physicalAddressType
[AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate.
[CommonName <String>]: A common name for this entity.
[Email <String>]: An email for this entity.
[GivenName <String>]: If the entity is a person, this is the person's given name (first name).
[OrganizationName <String>]: If the entity is an organization, this is the name of the organization.
[OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity.
[SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer.
[Surname <String>]: If the entity is a person, this is the person's surname (last name).
[LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate.
[SerialNumber <String>]: The serial number associated with an SSL certificate.
[Sha1 <String>]: A SHA-1 hash of the certificate.
Note: This is not the signature.
[Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[Port <Int32?>]: The numerical identifier of the port which is standardized across the internet.
[Protocol <String>]: hostPortProtocol
[Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port.
[Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Status <String>]: hostPortStatus
[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
[Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Classification <String>]: hostReputationClassification
[Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score.
[Description <String>]: The description of the rule that gives more context.
[Name <String>]: The name of the rule.
[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.
[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host.
A higher value indicates that this host is more likely to be suspicious or malicious.
[SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate.
[FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Port <Int32?>]: The port number.
[SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[Kind <String>]: The kind of hostTracker that was detected.
For example, GoogleAnalyticsID or JarmHash.
[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Value <String>]: The identification value for the hostTracker.
[Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord
[(Any) <Object>]: This indicates any property can be added to this object.
[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[(Any) <Object>]: This indicates any property can be added to this object.
[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress
[Email <String>]: The email of this WHOIS contact.
[Fax <String>]: The fax of this WHOIS contact.
No format is guaranteed.
[Name <String>]: The name of this WHOIS contact.
[Organization <String>]: The organization of this WHOIS contact.
[Telephone <String>]: The telephone of this WHOIS contact.
No format is guaranteed.
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[DomainStatus <String>]: The domain status for this WHOIS object.
[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.
[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[WhoisServer <String>]: The WHOIS server that provides the details.
[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Id <String>]: The unique identifier for an entity.
Read-only.
[History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object.
[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[DomainStatus <String>]: The domain status for this WHOIS object.
[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.
[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[WhoisServer <String>]: The WHOIS server that provides the details.
[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Id <String>]: The unique identifier for an entity.
Read-only.
CHILDHOSTPAIRS <IMicrosoftGraphSecurityHostPair[]>: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host
COMPONENTS <IMicrosoftGraphSecurityHostComponent[]>: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical.
COOKIES <IMicrosoftGraphSecurityHostCookie[]>: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
HOSTPAIRS <IMicrosoftGraphSecurityHostPair[]>: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host
PARENTHOSTPAIRS <IMicrosoftGraphSecurityHostPair[]>: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host
PASSIVEDNS <IMicrosoftGraphSecurityPassiveDnsRecord[]>: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
PASSIVEDNSREVERSE <IMicrosoftGraphSecurityPassiveDnsRecord[]>: Reverse passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
PORTS <IMicrosoftGraphSecurityHostPort[]>: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
REPUTATION <IMicrosoftGraphSecurityHostReputation>: hostReputation
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Classification <String>]: hostReputationClassification
[Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score.
[Description <String>]: The description of the rule that gives more context.
[Name <String>]: The name of the rule.
[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.
[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host.
A higher value indicates that this host is more likely to be suspicious or malicious.
SSLCERTIFICATES <IMicrosoftGraphSecurityHostSslCertificate[]>: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
SUBDOMAINS <IMicrosoftGraphSecuritySubdomain[]>: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only.
TRACKERS <IMicrosoftGraphSecurityHostTracker[]>: The hostTrackers that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost. [Id <String>]: The unique identifier for an entity. Read-only. [ChildHost <IMicrosoftGraphSecurityHost>]: host [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LinkKind <String>]: The reason that two hosts are identified as hostPair. [ParentHost <IMicrosoftGraphSecurityHost>]: host [Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server). [FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: A name running on the artifact, for example, Microsoft IIS. [Version <String>]: The component version running on the artifact, for example, v8.5. This shouldn't be assumed to be strictly numerical. [Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [Domain <String>]: The URI for which the cookie is valid. [FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE. [FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost. [LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost. [PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host. [Id <String>]: The unique identifier for an entity. Read-only. [Artifact <IMicrosoftGraphSecurityArtifact>]: artifact [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentHost <IMicrosoftGraphSecurityHost>]: host [RecordType <String>]: The DNS record type for this passiveDnsRecord entry. [PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host. [Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host. [Id <String>]: The unique identifier for an entity. Read-only. [Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port. [Banner <String>]: The text response received from a web component when scanning a hostPort. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [ScanProtocol <String>]: The specific protocol used to scan the hostPort. [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ExpirationDateTime <DateTime?>]: The date and time when a certificate expires. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Fingerprint <String>]: A hash of the certificate calculated on the data and signature. [FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [IssueDateTime <DateTime?>]: The date and time when a certificate was issued. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [(Any) <Object>]: This indicates any property can be added to this object. [City <String>]: The city. [CountryOrRegion <String>]: The country or region. It's a free-format string value, for example, 'United States'. [PostOfficeBox <String>]: The post office box number. [PostalCode <String>]: The postal code. [State <String>]: The state. [Street <String>]: The street. [Type <String>]: physicalAddressType [AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate. [CommonName <String>]: A common name for this entity. [Email <String>]: An email for this entity. [GivenName <String>]: If the entity is a person, this is the person's given name (first name). [OrganizationName <String>]: If the entity is an organization, this is the name of the organization. [OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity. [SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer. [Surname <String>]: If the entity is a person, this is the person's surname (last name). [LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate. [SerialNumber <String>]: The serial number associated with an SSL certificate. [Sha1 <String>]: A SHA-1 hash of the certificate. Note: This is not the signature. [Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity [Port <Int32?>]: The numerical identifier of the port which is standardized across the internet. [Protocol <String>]: hostPortProtocol [Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port. [Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history. [LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Status <String>]: hostPortStatus [TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans. [Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Classification <String>]: hostReputationClassification [Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score. [Description <String>]: The description of the rule that gives more context. [Name <String>]: The name of the rule. [RelatedDetailsUrl <String>]: Link to a web page with details related to this rule. [Severity <String>]: hostReputationRuleSeverity [Score <Int32?>]: The calculated score (0-100) of the requested host. A higher value indicates that this host is more likely to be suspicious or malicious. [SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate. [FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Port <Int32?>]: The port number. [SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate [Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host. [Id <String>]: The unique identifier for an entity. Read-only. [FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host. [Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord [(Any) <Object>]: This indicates any property can be added to this object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [(Any) <Object>]: This indicates any property can be added to this object. [Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress [Email <String>]: The email of this WHOIS contact. [Fax <String>]: The fax of this WHOIS contact. No format is guaranteed. [Name <String>]: The name of this WHOIS contact. [Organization <String>]: The organization of this WHOIS contact. [Telephone <String>]: The telephone of this WHOIS contact. No format is guaranteed. [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object. [Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [DomainStatus <String>]: The domain status for this WHOIS object. [ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Host <IMicrosoftGraphSecurityHost>]: host [LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object. [Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RawWhoisText <String>]: The raw WHOIS details for this WHOIS object. [Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [WhoisServer <String>]: The WHOIS server that provides the details. [Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact [Id <String>]: The unique identifier for an entity. Read-only. [Kind <String>]: The kind of hostTracker that was detected. For example, GoogleAnalyticsID or JarmHash. [LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [Value <String>]: The identification value for the hostTracker.
WHOIS <IMicrosoftGraphSecurityWhoisRecord>: whoisRecord
[(Any) <Object>]: This indicates any property can be added to this object.
[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[(Any) <Object>]: This indicates any property can be added to this object.
[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress
[(Any) <Object>]: This indicates any property can be added to this object.
[City <String>]: The city.
[CountryOrRegion <String>]: The country or region.
It's a free-format string value, for example, 'United States'.
[PostOfficeBox <String>]: The post office box number.
[PostalCode <String>]: The postal code.
[State <String>]: The state.
[Street <String>]: The street.
[Type <String>]: physicalAddressType
[Email <String>]: The email of this WHOIS contact.
[Fax <String>]: The fax of this WHOIS contact.
No format is guaranteed.
[Name <String>]: The name of this WHOIS contact.
[Organization <String>]: The organization of this WHOIS contact.
[Telephone <String>]: The telephone of this WHOIS contact.
No format is guaranteed.
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[DomainStatus <String>]: The domain status for this WHOIS object.
[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ChildHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are resources associated with a host, where that host is the parentHost and has an outgoing pairing to a cihldHost.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ChildHost <IMicrosoftGraphSecurityHost>]: host
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPair.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPair.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LinkKind <String>]: The reason that two hosts are identified as hostPair.
[ParentHost <IMicrosoftGraphSecurityHost>]: host
[Components <IMicrosoftGraphSecurityHostComponent[]>]: The hostComponents that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Category <String>]: The type of component that was detected (for example, Operating System, Framework, Remote Access, or Server).
[FirstSeenDateTime <DateTime?>]: The first date and time when this web component was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time when this web component was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Name <String>]: A name running on the artifact, for example, Microsoft IIS.
[Version <String>]: The component version running on the artifact, for example, v8.5.
This shouldn't be assumed to be strictly numerical.
[Cookies <IMicrosoftGraphSecurityHostCookie[]>]: The hostCookies that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Domain <String>]: The URI for which the cookie is valid.
[FirstSeenDateTime <DateTime?>]: The first date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostCookie was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Name <String>]: The name of the cookie, for example, JSESSIONID or SEARCH_NAMESITE.
[FirstSeenDateTime <DateTime?>]: The first date and time when this host was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[HostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with this host, where this host is either the parentHost or childHost.
[LastSeenDateTime <DateTime?>]: The most recent date and time when this host was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[ParentHostPairs <IMicrosoftGraphSecurityHostPair[]>]: The hostPairs that are associated with a host, where that host is the childHost and has an incoming pairing with a parentHost.
[PassiveDns <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Passive DNS retrieval about this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Artifact <IMicrosoftGraphSecurityArtifact>]: artifact
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[CollectedDateTime <DateTime?>]: The date and time that this passiveDnsRecord entry was collected by Microsoft.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was first seen.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The date and time when this passiveDnsRecord entry was most recently seen.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[ParentHost <IMicrosoftGraphSecurityHost>]: host
[RecordType <String>]: The DNS record type for this passiveDnsRecord entry.
[PassiveDnsReverse <IMicrosoftGraphSecurityPassiveDnsRecord[]>]: Reverse passive DNS retrieval about this host.
[Ports <IMicrosoftGraphSecurityHostPort[]>]: The hostPorts associated with a host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Banners <IMicrosoftGraphSecurityHostPortBanner[]>]: The hostPortBanners retrieved from scanning the port.
[Banner <String>]: The text response received from a web component when scanning a hostPort.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortBanner.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[ScanProtocol <String>]: The specific protocol used to scan the hostPort.
[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPortBanner in all its scans.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastScanDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence scanned the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPort.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[MostRecentSslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ExpirationDateTime <DateTime?>]: The date and time when a certificate expires.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Fingerprint <String>]: A hash of the certificate calculated on the data and signature.
[FirstSeenDateTime <DateTime?>]: The first date and time when this sslCertificate was observed.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[IssueDateTime <DateTime?>]: The date and time when a certificate was issued.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Issuer <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[(Any) <Object>]: This indicates any property can be added to this object.
[Address <IMicrosoftGraphPhysicalAddress>]: physicalAddress
[AlternateNames <String[]>]: Alternate names for this entity that are part of the certificate.
[CommonName <String>]: A common name for this entity.
[Email <String>]: An email for this entity.
[GivenName <String>]: If the entity is a person, this is the person's given name (first name).
[OrganizationName <String>]: If the entity is an organization, this is the name of the organization.
[OrganizationUnitName <String>]: If the entity is an organization, this communicates if a unit in the organization is named on the entity.
[SerialNumber <String>]: A serial number assigned to the entity; usually only available if the entity is the issuer.
[Surname <String>]: If the entity is a person, this is the person's surname (last name).
[LastSeenDateTime <DateTime?>]: The most recent date and time when this sslCertificate was observed.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[RelatedHosts <IMicrosoftGraphSecurityHost[]>]: The host resources related with this sslCertificate.
[SerialNumber <String>]: The serial number associated with an SSL certificate.
[Sha1 <String>]: A SHA-1 hash of the certificate.
Note: This is not the signature.
[Subject <IMicrosoftGraphSecuritySslCertificateEntity>]: sslCertificateEntity
[Port <Int32?>]: The numerical identifier of the port which is standardized across the internet.
[Protocol <String>]: hostPortProtocol
[Services <IMicrosoftGraphSecurityHostPortComponent[]>]: The hostPortComponents retrieved from scanning the port.
[Component <IMicrosoftGraphSecurityHostComponent>]: hostComponent
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[IsRecent <Boolean?>]: Indicates whether this hostPortComponent is recent, which is determined by whether the hostPortComponent was observed either at the same time or after the latest hostPortBanner in the scan history, or within two days of the latest scan of the hostPort when there are no hostPortBanners in the scan history.
[LastSeenDateTime <DateTime?>]: The last date and time when Microsoft Defender Threat Intelligence observed the hostPortComponent.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Status <String>]: hostPortStatus
[TimesObserved <Int32?>]: The total amount of times that Microsoft Defender Threat Intelligence has observed the hostPort in all its scans.
[Reputation <IMicrosoftGraphSecurityHostReputation>]: hostReputation
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Classification <String>]: hostReputationClassification
[Rules <IMicrosoftGraphSecurityHostReputationRule[]>]: A collection of rules that have been used to calculate the classification and score.
[Description <String>]: The description of the rule that gives more context.
[Name <String>]: The name of the rule.
[RelatedDetailsUrl <String>]: Link to a web page with details related to this rule.
[Severity <String>]: hostReputationRuleSeverity
[Score <Int32?>]: The calculated score (0-100) of the requested host.
A higher value indicates that this host is more likely to be suspicious or malicious.
[SslCertificates <IMicrosoftGraphSecurityHostSslCertificate[]>]: The hostSslCertificates that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time that this hostSslCertificate was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The most recent date and time that this hostSslCertificate was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Ports <IMicrosoftGraphSecurityHostSslCertificatePort[]>]: The ports related with this hostSslCertificate.
[FirstSeenDateTime <DateTime?>]: The first date and time that this port was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastSeenDateTime <DateTime?>]: The most recent date and time that this port was observed.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Port <Int32?>]: The port number.
[SslCertificate <IMicrosoftGraphSecuritySslCertificate>]: sslCertificate
[Subdomains <IMicrosoftGraphSecuritySubdomain[]>]: The subdomains that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time when Microsoft Defender Threat Intelligence observed the subdomain.
The timestamp type represents date and time information using ISO 8601 format and is always in UTC.
For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[Trackers <IMicrosoftGraphSecurityHostTracker[]>]: The hostTrackers that are associated with this host.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FirstSeenDateTime <DateTime?>]: The first date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[Kind <String>]: The kind of hostTracker that was detected.
For example, GoogleAnalyticsID or JarmHash.
[LastSeenDateTime <DateTime?>]: The most recent date and time when this hostTracker was observed by Microsoft Defender Threat Intelligence.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Value <String>]: The identification value for the hostTracker.
[Whois <IMicrosoftGraphSecurityWhoisRecord>]: whoisRecord
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS contact.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS contact.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.
[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[WhoisServer <String>]: The WHOIS server that provides the details.
[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Id <String>]: The unique identifier for an entity.
Read-only.
[History <IMicrosoftGraphSecurityWhoisHistoryRecord[]>]: The collection of historical records associated to this WHOIS object.
[Abuse <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Admin <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Billing <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[DomainStatus <String>]: The domain status for this WHOIS object.
[ExpirationDateTime <DateTime?>]: The date and time when this WHOIS record expires with the registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[FirstSeenDateTime <DateTime?>]: The first seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Host <IMicrosoftGraphSecurityHost>]: host
[LastSeenDateTime <DateTime?>]: The last seen date and time of this WHOIS record.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[LastUpdateDateTime <DateTime?>]: The date and time when this WHOIS record was last modified.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Nameservers <IMicrosoftGraphSecurityWhoisNameserver[]>]: The nameservers for this WHOIS object.
[Noc <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RawWhoisText <String>]: The raw WHOIS details for this WHOIS object.
[Registrant <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Registrar <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[RegistrationDateTime <DateTime?>]: The date and time when this WHOIS record was registered with a registrar.
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
[Technical <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[WhoisServer <String>]: The WHOIS server that provides the details.
[Zone <IMicrosoftGraphSecurityWhoisContact>]: whoisContact
[Id <String>]: The unique identifier for an entity.
Read-only.