I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and if it is, if it also has been updated since last time.
My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. I am hoping that if it has been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.
I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.