Dec 01 2020 06:51 AM - edited Dec 01 2020 06:54 AM
Hi!
I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and, if it is, whether it has also been updated since last time.
My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. I am hoping that if it has been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.
I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.
Info from MS about the API call: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide
Edit: I am checking the lastUpdateTime field, of course, to verify it has been updated. If it was not clear, I am wondering which other fields might change if it has been updated.
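An added example, not part of the original post: one way to see what actually changed, without assuming which fields drive lastUpdateTime, is to keep the last synced copy of each incident and diff it against the fresh response. The sample incidents, the alert status values and the `diff_incident` helper are constructed for illustration; the field names (incidentId, lastUpdateTime, alerts, alertId) are assumed to match the list-incidents response.

```python
import json

# Constructed sample data; all values are made up.
STORED = json.loads("""
{"incidentId": 101, "lastUpdateTime": "2020-11-30T08:00:00Z",
 "status": "Active", "assignedTo": null,
 "alerts": [{"alertId": "da-1", "status": "New"}]}
""")
FETCHED = json.loads("""
{"incidentId": 101, "lastUpdateTime": "2020-12-01T06:40:00Z",
 "status": "Active", "assignedTo": "analyst@example.com",
 "alerts": [{"alertId": "da-1", "status": "InProgress"},
            {"alertId": "da-2", "status": "New"}]}
""")


def diff_incident(stored, fetched):
    """Compare the last synced copy of an incident with a fresh one.

    Returns None when lastUpdateTime is unchanged, otherwise a dict that
    lists changed top-level fields and added/removed/modified alerts.
    """
    if stored is None:
        # Incident not yet registered in the ITSM platform.
        return {"new_incident": True}
    if stored["lastUpdateTime"] == fetched["lastUpdateTime"]:
        return None  # cheap gate: nothing to inspect

    # Index alerts by alertId so list order does not matter.
    old = {a["alertId"]: a for a in stored.get("alerts", [])}
    new = {a["alertId"]: a for a in fetched.get("alerts", [])}

    # Top-level fields other than the timestamp and the alert list.
    skip = {"alerts", "lastUpdateTime"}
    changed = sorted(k for k in (set(stored) | set(fetched)) - skip
                     if stored.get(k) != fetched.get(k))
    return {
        "new_incident": False,
        "changed_fields": changed,
        "alerts_added": sorted(new.keys() - old.keys()),
        "alerts_removed": sorted(old.keys() - new.keys()),
        "alerts_modified": sorted(i for i in old.keys() & new.keys()
                                  if old[i] != new[i]),
    }


if __name__ == "__main__":
    print(json.dumps(diff_incident(STORED, FETCHED), indent=2))
```

Logging the result for every updated incident over a few weeks shows empirically which fields move in a given tenant.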