01-14-2021 11:30 AM
I created a PowerShell script that calls the Security Center Defender for Endpoint api to create a machine tag. I am experiencing some irregular behavior. I will make the call, and it will return a success code of 200 and my expectation is the tag has been created. When I go into Security Center for Defender for Endpoint, I may not see the tag. I could run the same script again, and the tag will be there. I am making sure to stay within the API limitations of 100 calls per minute, 1500 calls per hour. I don't know what is wrong. Any ideas? Here is a snippet:
$myurl = "https://api-us.securitycenter.windows.com/api/machines/" + $machine.id + "/tags"
$body =
@{
"Value" = $tag
“Action” = "Add"
}
# Send the webrequest and get the results.
$response = Invoke-WebRequest -Method Post -Uri $myurl -Body ($body | ConvertTo-Json) -Headers $headers -ErrorAction Stop
if ($response.StatusCode -eq 200)
{
Write-Host "Added tag $tag to " $machine.computerDnsName
}
Friday
Sunday
I do not see the tags even after waiting a day. They are really not there. The problem occurs both when adding and removing tags. I get a 200 response, indicating everything was OK, but then the tag was not added or removed as expected. I guess I could do another call to see if the tag is there, but it wastes a lot of API calls.