Unable to update the alert in Security Graph using HTTP connector

%3CLINGO-SUB%20id%3D%22lingo-sub-1200468%22%20slang%3D%22en-US%22%3EUnable%20to%20update%20the%20alert%20in%20Security%20Graph%20using%20HTTP%20connector%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200468%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20get%20requests%20for%20security%20alerts%20using%20the%20http%20connector%20available%20in%20Logic%20apps.%20We%20are%20querying%20the%20Graph%20Explorer%20API%20using%20the%20GET%20method%20and%20we%20are%20able%20to%20get%20the%20requested%20results.%20However%20when%20we%20try%20to%20update%20the%20alert%20using%20the%20PATCH%20method%2C%20by%20changing%20some%20values%20like%20assigned%20to%2C%20comments%2C%20tags%2C%20vendor%20information%20etc%20and%20run%20the%20trigger%20it%20fails%20with%20one%20message%3A%3C%2FP%3E%3CDIV%3E%3CSPAN%3Emessage%22%3C%2FSPAN%3E%3CSPAN%3E%3A%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22Request%26nbsp%3Bbody%26nbsp%3Bhas%26nbsp%3Binvalid%26nbsp%3Bcontent%26nbsp%3Bfor%26nbsp%3Bproperty%26nbsp%3BclosedDateTime%22.%20As%20far%20as%20closedDateTime%20is%20concerned%20we%20tried%20with%20utcNow()%2C%20utcNow('D')%20but%20it%20fails.%20Did%20anyone%20here%20manage%20to%20update%20the%20alerts%20without%20errors%3F%20Any%20leads%20wrt%20to%20this%20will%20really%20be%20helpful.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1201013%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20update%20the%20alert%20in%20Security%20Graph%20using%20HTTP%20connector%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1201013%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428046%22%20target%3D%22_blank%22%3E%40Pranesh1060%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Edid%20you%20enclose%20the%20date%20in%20%22%3F%3C%2FP%3E%0A%3CP%3Eutcnow()%20will%20give%20you%20the%20right%20format%2C%20but%20as%20you%20can%20see%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Falert-update%3Fview%3Dgraph-rest-1.0%26amp%3Btabs%3Dhttp%23request-1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Falert-update%3Fview%3Dgraph-rest-1.0%26amp%3Btabs%3Dhttp%23request-1%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%7B%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22assignedTo%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22closedDateTime%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%20(timestamp)%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22comments%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%5B%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%22%3C%2FSPAN%3E%3CSPAN%3E%20%5D%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22feedback%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22%40odata.type%3A%20microsoft.graph.alertFeedback%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22status%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22%40odata.type%3A%20microsoft.graph.alertStatus%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22tags%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%5B%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%22%3C%2FSPAN%3E%3CSPAN%3E%20%5D%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22vendorInformation%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22provider%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-attr%22%3E%22vendor%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-string%22%3E%22String%22%3C%2FSPAN%3E%3CSPAN%3E%20%7D%20%7D%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3Ethe%20body%20needs%20to%20have%20closedDateTime%20in%20%22%22%20so%20its%20a%20string%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi,

 

We are trying to get requests for security alerts using the http connector available in Logic apps. We are querying the Graph Explorer API using the GET method and we are able to get the requested results. However when we try to update the alert using the PATCH method, by changing some values like assigned to, comments, tags, vendor information etc and run the trigger it fails with one message:

message""Request body has invalid content for property closedDateTime". As far as closedDateTime is concerned we tried with utcNow(), utcNow('D') but it fails. Did anyone here manage to update the alerts without errors? Any leads wrt to this will really be helpful.
2 Replies
Highlighted

Hi @Pranesh1060 

did you enclose the date in "?

utcnow() will give you the right format, but as you can see here https://docs.microsoft.com/en-us/graph/api/alert-update?view=graph-rest-1.0&tabs=http#request-1

 

{ "assignedTo": "String", "closedDateTime": "String (timestamp)", "comments": [ "String" ], "feedback": "@odata.type: microsoft.graph.alertFeedback", "status": "@odata.type: microsoft.graph.alertStatus", "tags": [ "String" ], "vendorInformation": { "provider": "String", "vendor": "String" } }

 

the body needs to have closedDateTime in "" so its a string

Highlighted

Nicholas DiCola (SECURITY JEDI)Well I haven't as I am not sure the exact parameter to use. Would date be today's date? When the playbook is triggered how can we automatically add the date?