Forum Discussion
Solved
Is there a bug in filtering by severity?
The sample works (using fake data) https://graph.microsoft.com/beta/security/alerts?filter=Severity eq 'High'&$top=5 But if I use the same call with a bearer token, it returns -> { "@odata.con...
- Creighton, we have resolved the bug that surfaced due to the recent Alert Schema update. Please verify that it now works correctly. Thank you again for your feedback.
Creighton, when using your bearer token are you getting alerts back without filter? i.e. https://graph.microsoft.com/beta/security/alerts
Yes ... the alerts work if I remove the filter
I can add other arguments like ?$orderby=eventDateTime+desc and it works as expected
Just returns [] when filtering by severity
- Thank you for your feedback. A bug report has been filed, and the team is investigating the root cause of this issue.
- Creighton, we have resolved the bug that surfaced due to the recent Alert Schema update. Please verify that it now works correctly. Thank you again for your feedback.
Works!