Sep 11 2018 08:49 AM
The sample works (using fake data)
https://graph.microsoft.com/beta/security/alerts?filter=Severity eq 'High'&$top=5
But if I use the same call with a bearer token, it returns ->
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/alerts",
"value": []
}
(same for Medium, Low and just in case, tried high, medium and low)
If I make up a severity name, it returns ->
{
"error": {
"code": "BadRequest",
"message": "Invalid filter clause",
"innerError": {
"request-id": "20fbaaca-8f2c-4c86-9d2c-f990ca3cfe86",
"date": "2018-09-11T15:47:23"
}
}
}
So I'm thinking it is a bug ... does filtering by severity work for anyone else?
Sep 12 2018 10:46 AM
Sep 12 2018 11:19 AM
Yes ... the alerts work if I remove the filter
I can add other arguments like ?$orderby=eventDateTime+desc and it works as expected
Just returns [] when filtering by severity
Sep 13 2018 12:02 PM
Sep 17 2018 12:06 PM
SolutionSep 17 2018 12:06 PM
Solution