SOLVED
Home

https://graph.microsoft.com/beta/security/alerts Not returning any data: value: []

%3CLINGO-SUB%20id%3D%22lingo-sub-191898%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191898%22%20slang%3D%22en-US%22%3E%3CP%3EWe've%20tested%20the%20%2Fsecurity%2Falerts%20api%20from%202%20different%20tenants.%26nbsp%3BIn%26nbsp%3Bboth%20tenants%20we%20have%20Azure%20AD%20Identity%20Protection%20and%20Azure%20Security%20Center%20Alerts.%20We%20can%20see%20those%20alerts%20from%20their%20respective%20blades%20in%20Azure%20Portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20returns%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%7B%3CBR%20%2F%3E%22%40odata.context%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23Security%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23Security%2Falerts%3C%2FA%3E%22%2C%3CBR%20%2F%3E%22value%22%3A%20%5B%5D%3CBR%20%2F%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20properly%20authenticated%20with%20proper%20permisions.%20We've%20tried%20it%20from%20the%20graph%20explorer%20and%20from%20both%20c%23%20samples%20(desktop%20and%20asp.net)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20give%20us%20a%20hand%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-338269%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-338269%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20issue%20but%20with%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv0.1%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv0.1%2Fsecurity%2Falerts%3C%2FA%3E.%20We%20always%20get%20empty%20alerts%20since%202019%2F01%2F08%20for%20one%20tenant%2C%20before%20that%20it%20was%20working.%20Would%20you%20please%20help%20on%20that%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-215421%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-215421%22%20slang%3D%22en-US%22%3E%3CP%3EAlerts%20from%20Windows%20Defender%20ATP%20are%20currently%20in%20Private%20Preview%20-%20will%20update%20when%20you%20can%20test%20this.%3C%2FP%3E%0A%3CP%3EIf%20you%20enabled%20WDATP%20in%20Azure%20Security%20Center%2C%20you%20should%20see%20these%20alerts%20included%20in%20the%20ASC%20alerts.%3C%2FP%3E%0A%3CP%3EMichael%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196460%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196460%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%26nbsp%3B%3CBR%20%2F%3ECan%20you%20please%20elaborate%20the%20steps%20taken%20to%20solve%20the%20issue.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Esince%20I'm%20facing%20the%20same%20issue%2C%20but%20I%20have%20Advanced%20Threat%20Protection%20as%20security%20provider%20.%26nbsp%3B%3CBR%20%2F%3EI%20have%20already%20defined%20a%20security%20alerts%20policy%20and%20a%20threat%20management%20policy.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%2C%26nbsp%3B%3CBR%20%2F%3ETariq%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31297%22%20target%3D%22_blank%22%3E%40Michael%20Shalev%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EIssue%20was%20successfully%20resolved%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-193480%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-193480%22%20slang%3D%22en-US%22%3EIssue%20was%20successfully%20resolved%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-192125%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-192125%22%20slang%3D%22en-US%22%3ECertainly%2C%20we'll%20be%20happy%20to%20assist.%20I%20suggest%20sending%20me%20the%20Azure%20tenant%20ID%2Fs%20over%20a%20private%20message%20so%20we%20can%20investigate%20your%20not%20getting%20any%20results%20to%20your%20queries.%20Michael%3C%2FLINGO-BODY%3E
Highlighted
Christian Rodríguez Giménez
Occasional Contributor

We've tested the /security/alerts api from 2 different tenants. In both tenants we have Azure AD Identity Protection and Azure Security Center Alerts. We can see those alerts from their respective blades in Azure Portal.

 

But https://graph.microsoft.com/beta/security/alerts returns 

 

{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/alerts",
"value": []
}

 

We're properly authenticated with proper permisions. We've tried it from the graph explorer and from both c# samples (desktop and asp.net)

 

Can you give us a hand?

5 Replies
Certainly, we'll be happy to assist. I suggest sending me the Azure tenant ID/s over a private message so we can investigate your not getting any results to your queries. Michael
Solution
Issue was successfully resolved

Hi , 
Can you please elaborate the steps taken to solve the issue. 

since I'm facing the same issue, but I have Advanced Threat Protection as security provider . 
I have already defined a security alerts policy and a threat management policy. 


Thanks, 
Tariq 


@Michael Shalev wrote:
Issue was successfully resolved


 

Alerts from Windows Defender ATP are currently in Private Preview - will update when you can test this.

If you enabled WDATP in Azure Security Center, you should see these alerts included in the ASC alerts.

Michael

I have the same issue but with https://graph.microsoft.com/v0.1/security/alerts. We always get empty alerts since 2019/01/08 for one tenant, before that it was working. Would you please help on that? 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies