What does lastUpdateTime entail?

Frequent Visitor



I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and if it is, if it also has been updated since last time.


My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. I am hoping that if it has been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.


I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.


Info from MS about the API call: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide


Edit: I am checking the lastUpdateTime field, of course, to verify it has been updated. If it was not clear, I am wondering which other fields might change if it has been updated.

0 Replies