Microsoft Graph API missing data

Question

I'm using the Graph API to try to query the incidents in Sentinel, however not all of the data is populating properly.

The data that is especially useful for the purpose of this API call is the following, yet they are all appearing as null. When in reality, they should be populated.

Fields appearing as null:

ClosedDateTime
Comments
Assigned
Status

garybushey · Answer

leoszalkowski&nbsp;A couple of things1) The Microsoft Graph API only returns alerts, not incidents.&nbsp; I have been looking into the same issue when using the ServiceNow Graph API connector.2) Cannot go into much detail but your question may be moot very soon

clivewatson · Answer

GaryBushey&nbsp;
leoszalkowski&nbsp;
&nbsp;
If you are happy to use an api you can use the Azure Sentinel api (preview), like I show here (I use a Workbook but you can use your preferred tool):&nbsp;https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workbook/ba-p/1386436&nbsp;and as Gary alludes to, things are planned for Incidents - more news soon&nbsp;&nbsp;
Direct link to latest version:&nbsp;https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/api%20test%20v1.4.2.workbook&nbsp;which allows you to filter to see Comments, Bookmarks are in a seperate api.
&nbsp;

leoszalkowski · Answer

CliveWatson&nbsp;GaryBushey&nbsp;&nbsp;Awesome, thanks for the information guys! I'll test this out this week and see how it performs.&nbsp;&nbsp;Can't wait to hear the news.

Forum Discussion

Microsoft Graph API missing data

Share

Resources