https://graph.microsoft.com/beta/security/alerts Not returning any data: value: []

We've tested the /security/alerts API from two different tenants. In both tenants we have Azure AD Identity Protection and Azure Security Center alerts. We can see those alerts in their respective blades in the Azure portal.

But https://graph.microsoft.com/beta/security/alerts returns:

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/alerts",
  "value": []
}

We're properly authenticated with the proper permissions. We've tried it from Graph Explorer and from both C# samples (desktop and ASP.NET).

Can you give us a hand?

Certainly, we'll be happy to assist. I suggest sending me the Azure tenant ID/s over a private message so we can investigate your not getting any results to your queries.

Michael
Issue was successfully resolved

Hi,
Can you please elaborate on the steps taken to solve the issue?

I'm facing the same issue, but I have Advanced Threat Protection as the security provider.
I have already defined a security alerts policy and a threat management policy.


Thanks, 
Tariq 


@Michael Shalev wrote:
Issue was successfully resolved

Alerts from Windows Defender ATP are currently in Private Preview - will update when you can test this.

If you enabled WDATP in Azure Security Center, you should see these alerts included in the ASC alerts.

Michael

I have the same issue but with https://graph.microsoft.com/v0.1/security/alerts. We always get empty alerts since 2019/01/08 for one tenant; before that it was working. Would you please help with that?

@Michael Shalev I have a similar issue when calling https://graph.microsoft.com/v1.0/security/alerts via Python. The properties returned do not reflect what is in the documentation, e.g. category (per the docs) = "category String: Category of the alert (for example, credentialTheft, ransomware, etc.)".

I'm getting a GUID for category. Other properties like incidentIds are blank:

      "id": "redacted",
      "azureTenantId": "redacted",
      "azureSubscriptionId": "redacted",
      "riskScore": null,
      "tags": [],
      "activityGroupName": null,
      "assignedTo": null,
      "category": "e573729c-f65f-46cc-b31b-f5ad7c32ff59_aa5de612-30f2-4e66-8a7f-da99b946ce54",
      "closedDateTime": null,
      "comments": [],
      "confidence": null,
      "createdDateTime": "2020-10-18T18:54:41.9442907Z",
      "description": "Identifies when a rare Resource and ResourceGroup deployment occurs by a previously unseen Caller.",
      "detectionIds": [],
      "eventDateTime": "2020-10-04T18:49:39.9931844Z",
      "feedback": null,
      "incidentIds": [],
      "lastModifiedDateTime": "2020-10-18T18:54:42.0552251Z",
      "recommendedActions": [],
      "severity": "low",
      "sourceMaterials": [],
      "status": "newAlert",
      "title": "Suspicious Resource deployment",

Any thoughts?

@Michael Shalev 

Hello,

I also see that incidents collected via the API in my test environment are missing values for incidentIds. I'm also curious why there's no field carrying a URL link to the incident, which is present in the UI. That would make life easier for a SOC analyst investigating this. Any ideas?

Best regards,

Jmarci
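The following is an added example, not code from any poster in this thread. It shows how a client would walk the /security/alerts collection (following @odata.nextLink paging), distinguish a genuinely empty "value": [] from a page that simply needs the next link followed, and flag the two schema deviations reported above: a category that is an opaque provider identifier rather than a documented category string, and an empty incidentIds list. The sample pages and alert values are constructed for the example (the alert-1 category reuses the GUID pair quoted above); the offline_get function is a stand-in for an authenticated HTTPS GET, which in production would send an Authorization: Bearer header for a token carrying SecurityEvents.Read.All. The vendorInformation field is assumed to be populated by the provider as in the documented resource.

```python
"""Added example: page through Microsoft Graph security/alerts and check
for the symptoms discussed in the thread. Runs offline against constructed
sample responses; the HTTP layer is injected via `get`."""

import json
import re
from typing import Callable, Dict, List

GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"

# Documented categories are words such as "credentialTheft" or "ransomware".
# A value made of one or more GUIDs joined by "_" is a provider-specific ID,
# which is what the poster above observed instead of a category name.
GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
OPAQUE_CATEGORY = re.compile(rf"^{GUID}(_{GUID})*$")

# Constructed sample pages (assumption: two pages linked by @odata.nextLink).
SAMPLE_PAGES: Dict[str, dict] = {
    GRAPH_ALERTS_URL: {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Security/alerts",
        "@odata.nextLink": GRAPH_ALERTS_URL + "?$skiptoken=page2",
        "value": [
            {
                "id": "alert-1",
                "category": "e573729c-f65f-46cc-b31b-f5ad7c32ff59_aa5de612-30f2-4e66-8a7f-da99b946ce54",
                "incidentIds": [],
                "severity": "low",
                "status": "newAlert",
                "title": "Suspicious Resource deployment",
                "vendorInformation": {"provider": "ASC", "vendor": "Microsoft"},
            }
        ],
    },
    GRAPH_ALERTS_URL + "?$skiptoken=page2": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Security/alerts",
        "value": [
            {
                "id": "alert-2",
                "category": "credentialTheft",
                "incidentIds": ["incident-7"],
                "severity": "high",
                "status": "newAlert",
                "title": "Unfamiliar sign-in properties",
                "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"},
            }
        ],
    },
}


def offline_get(url: str) -> dict:
    """Stand-in for an authenticated GET against Graph; serves the sample pages."""
    return SAMPLE_PAGES[url]


def collect_alerts(get: Callable[[str], dict], url: str = GRAPH_ALERTS_URL) -> List[dict]:
    """Follow @odata.nextLink until it is absent and return every alert object.

    A first page with "value": [] and no nextLink yields an empty list, which
    is the symptom in the original question; a non-empty later page is only
    seen if the client actually follows the link."""
    alerts: List[dict] = []
    seen = set()
    while url and url not in seen:  # guard against a nextLink that loops
        seen.add(url)
        page = get(url)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return alerts


def schema_findings(alert: dict) -> List[str]:
    """Describe fields that deviate from the documented alert resource."""
    findings: List[str] = []
    category = alert.get("category") or ""
    if OPAQUE_CATEGORY.match(category):
        findings.append("category is a provider ID, not a documented category string")
    if not alert.get("incidentIds"):
        findings.append("incidentIds is empty; no incident correlation available")
    return findings


def triage(get: Callable[[str], dict], url: str = GRAPH_ALERTS_URL) -> dict:
    """Collect all alerts and summarise count, emptiness and per-alert findings."""
    alerts = collect_alerts(get, url)
    return {
        "count": len(alerts),
        "empty": not alerts,
        "providers": sorted({a.get("vendorInformation", {}).get("provider", "?") for a in alerts}),
        "findings": {a["id"]: schema_findings(a) for a in alerts},
    }


if __name__ == "__main__":
    print(json.dumps(triage(offline_get), indent=2))
```

Swapping offline_get for a real requests.get wrapper that adds the bearer token is the only change needed to run this against a tenant; the provider list in the summary is a quick way to see which of the connected products (ASC, Identity Protection, etc.) are actually surfacing alerts through the API, as opposed to only in their portal blades.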
