SOLVED
Home

https://graph.microsoft.com/beta/security/alerts Not returning any data: value: []

%3CLINGO-SUB%20id%3D%22lingo-sub-191898%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191898%22%20slang%3D%22en-US%22%3E%3CP%3EWe've%20tested%20the%20%2Fsecurity%2Falerts%20api%20from%202%20different%20tenants.%26nbsp%3BIn%26nbsp%3Bboth%20tenants%20we%20have%20Azure%20AD%20Identity%20Protection%20and%20Azure%20Security%20Center%20Alerts.%20We%20can%20see%20those%20alerts%20from%20their%20respective%20blades%20in%20Azure%20Portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20returns%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%7B%3CBR%20%2F%3E%22%40odata.context%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23Security%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2F%24metadata%23Security%2Falerts%3C%2FA%3E%22%2C%3CBR%20%2F%3E%22value%22%3A%20%5B%5D%3CBR%20%2F%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20properly%20authenticated%20with%20proper%20permisions.%20We've%20tried%20it%20from%20the%20graph%20explorer%20and%20from%20both%20c%23%20samples%20(desktop%20and%20asp.net)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20give%20us%20a%20hand%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-338269%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-338269%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20issue%20but%20with%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fv0.1%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fv0.1%2Fsecurity%2Falerts%3C%2FA%3E.%20We%20always%20get%20empty%20alerts%20since%202019%2F01%2F08%20for%20one%20tenant%2C%20before%20that%20it%20was%20working.%20Would%20you%20please%20help%20on%20that%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-215421%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-215421%22%20slang%3D%22en-US%22%3E%3CP%3EAlerts%20from%20Windows%20Defender%20ATP%20are%20currently%20in%20Private%20Preview%20-%20will%20update%20when%20you%20can%20test%20this.%3C%2FP%3E%0A%3CP%3EIf%20you%20enabled%20WDATP%20in%20Azure%20Security%20Center%2C%20you%20should%20see%20these%20alerts%20included%20in%20the%20ASC%20alerts.%3C%2FP%3E%0A%3CP%3EMichael%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196460%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196460%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%26nbsp%3B%3CBR%20%2F%3ECan%20you%20please%20elaborate%20the%20steps%20taken%20to%20solve%20the%20issue.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Esince%20I'm%20facing%20the%20same%20issue%2C%20but%20I%20have%20Advanced%20Threat%20Protection%20as%20security%20provider%20.%26nbsp%3B%3CBR%20%2F%3EI%20have%20already%20defined%20a%20security%20alerts%20policy%20and%20a%20threat%20management%20policy.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%2C%26nbsp%3B%3CBR%20%2F%3ETariq%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F31297%22%20target%3D%22_blank%22%3E%40Michael%20Shalev%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EIssue%20was%20successfully%20resolved%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-193480%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-193480%22%20slang%3D%22en-US%22%3EIssue%20was%20successfully%20resolved%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-192125%22%20slang%3D%22en-US%22%3ERe%3A%20%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Fsecurity%2Falerts%3C%2FA%3E%20Not%20returning%20any%20data%3A%20value%3A%20%5B%5D%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-192125%22%20slang%3D%22en-US%22%3ECertainly%2C%20we'll%20be%20happy%20to%20assist.%20I%20suggest%20sending%20me%20the%20Azure%20tenant%20ID%2Fs%20over%20a%20private%20message%20so%20we%20can%20investigate%20your%20not%20getting%20any%20results%20to%20your%20queries.%20Michael%3C%2FLINGO-BODY%3E
Highlighted
Christian Rodríguez Giménez
Occasional Contributor

We've tested the /security/alerts api from 2 different tenants. In both tenants we have Azure AD Identity Protection and Azure Security Center Alerts. We can see those alerts from their respective blades in Azure Portal.

 

But https://graph.microsoft.com/beta/security/alerts returns 

 

{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/alerts",
"value": []
}

 

We're properly authenticated with proper permisions. We've tried it from the graph explorer and from both c# samples (desktop and asp.net)

 

Can you give us a hand?

5 Replies
Certainly, we'll be happy to assist. I suggest sending me the Azure tenant ID/s over a private message so we can investigate your not getting any results to your queries. Michael
Solution
Issue was successfully resolved

Hi , 
Can you please elaborate the steps taken to solve the issue. 

since I'm facing the same issue, but I have Advanced Threat Protection as security provider . 
I have already defined a security alerts policy and a threat management policy. 


Thanks, 
Tariq 


@Michael Shalev wrote:
Issue was successfully resolved


 

Alerts from Windows Defender ATP are currently in Private Preview - will update when you can test this.

If you enabled WDATP in Azure Security Center, you should see these alerts included in the ASC alerts.

Michael

I have the same issue but with https://graph.microsoft.com/v0.1/security/alerts. We always get empty alerts since 2019/01/08 for one tenant, before that it was working. Would you please help on that?