Forum Discussion
https://graph.microsoft.com/beta/security/alerts Not returning any data: value: []
- May 14, 2018: Issue was successfully resolved
- Tariq Gharra, May 22, 2018, Copper Contributor
Hi,
Can you please elaborate on the steps taken to solve the issue,
since I'm facing the same issue, but I have Advanced Threat Protection as security provider?
I have already defined a security alerts policy and a threat management policy.
Thanks,
Tariq
Michael Shalev wrote:
Issue was successfully resolved
- Michael Shalev, Jul 13, 2018, Former Employee
Alerts from Windows Defender ATP are currently in Private Preview - will update when you can test this.
If you enabled WDATP in Azure Security Center, you should see these alerts included in the ASC alerts.
Michael
- txmowery, Oct 19, 2020, Copper Contributor
Michael Shalev, I have a similar issue when calling https://graph.microsoft.com/v1.0/security/alerts via Python. The properties returned do not reflect what is in the documentation. I.e.: Category (per docs) = category | String | Category of the alert (for example, credentialTheft, ransomware, etc.).
I'm getting a GUID for category. Other properties like incidentIds are blank...
"id": "redacted",
"azureTenantId": "redacted",
"azureSubscriptionId": "redacted",
"riskScore": null,
"tags": [],
"activityGroupName": null,
"assignedTo": null,
"category": "e573729c-f65f-46cc-b31b-f5ad7c32ff59_aa5de612-30f2-4e66-8a7f-da99b946ce54",
"closedDateTime": null,
"comments": [],
"confidence": null,
"createdDateTime": "2020-10-18T18:54:41.9442907Z",
"description": "Identifies when a rare Resource and ResourceGroup deployment occurs by a previously unseen Caller.",
"detectionIds": [],
"eventDateTime": "2020-10-04T18:49:39.9931844Z",
"feedback": null,
"incidentIds": [],
"lastModifiedDateTime": "2020-10-18T18:54:42.0552251Z",
"recommendedActions": [],
"severity": "low",
"sourceMaterials": [],
"status": "newAlert",
"title": "Suspicious Resource deployment",
Any thoughts?
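
Added example, not part of the thread and not Microsoft's code: a check a consumer of `/security/alerts` can run over a parsed response to flag alerts whose `category` is a GUID-shaped value rather than a documented name, and whose fields such as `incidentIds` are empty, so downstream detection rules do not silently depend on them. The sample response is constructed, and the function names and the list of checked fields are assumptions.

```python
import re
from collections import Counter

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# One GUID, or several joined by "_" as in the category value quoted in the thread.
OPAQUE_CATEGORY = re.compile(rf"{GUID}(?:_{GUID})*")
# Fields the post shows as null or empty (assumed list; extend for your own rules).
CHECKED_FIELDS = ("incidentIds", "detectionIds", "recommendedActions",
                  "confidence", "riskScore")

def audit_alert(alert):
    """Return (field, problem) pairs for one alert dict."""
    findings = []
    category = alert.get("category")
    if not isinstance(category, str) or not category:
        findings.append(("category", "missing"))
    elif OPAQUE_CATEGORY.fullmatch(category):
        findings.append(("category", "opaque-guid"))
    for field in CHECKED_FIELDS:
        if alert.get(field) in (None, [], ""):
            findings.append((field, "empty"))
    return findings

def audit_response(body):
    """body is the parsed JSON response; returns {alert id: findings}."""
    report = {}
    for index, alert in enumerate(body.get("value", [])):
        findings = audit_alert(alert)
        if findings:
            report[alert.get("id", f"#{index}")] = findings
    return report

def summarize(report):
    """Count how often each (field, problem) pair occurs across alerts."""
    return Counter(f for findings in report.values() for f in findings)

# Constructed sample: alert 1 mirrors the shape in the post, alert 2 the documented shape.
SAMPLE = {"value": [
    {"id": "alert-1-constructed", "severity": "low", "confidence": None,
     "category": "00000000-0000-0000-0000-000000000001_00000000-0000-0000-0000-000000000002",
     "incidentIds": [], "detectionIds": [], "recommendedActions": [], "riskScore": None},
    {"id": "alert-2-constructed", "severity": "high", "confidence": 80,
     "category": "ransomware", "incidentIds": ["1"], "detectionIds": ["d1"],
     "recommendedActions": ["Isolate host"], "riskScore": "7"},
]}

if __name__ == "__main__":
    for alert_id, findings in audit_response(SAMPLE).items():
        print(alert_id, findings)
```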