What does lastUpdateTime entail?

%3CLINGO-SUB%20id%3D%22lingo-sub-1944695%22%20slang%3D%22en-US%22%3EWhat%20does%20lastUpdateTime%20entail%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1944695%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20using%20the%20Security%20Center%20API%20to%20retrieve%20incidents%20and%20alerts%2C%20and%20add%20them%20to%20our%20ITSM%20platform.%20During%20the%20parsing%20of%20the%20JSON%20response%2C%20I%20have%20to%20check%20if%20the%20incident%20retrieved%20is%20already%20registered%20and%20if%20it%20is%2C%20if%20it%20also%20has%20been%20updated%20since%20last%20time.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20issue%20is%20that%20I%20am%20unsure%20what%20to%20check%20for%20if%20the%20incident%20indeed%20has%20been%20updated.%20I%20don't%20want%20to%20check%20more%20than%20necessary.%20I%20am%20hoping%20that%20if%20it%20%3CEM%3Ehas%3C%2FEM%3E%20been%20updated%2C%20this%20only%20means%20that%20a%20new%20alert%20has%20been%20attached%2C%20but%20I%20fear%20that%20any%20property%20of%20the%20incident%20might%20change.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20not%20been%20able%20to%20find%20any%20resources%20that%20specify%20what%20might%20trigger%20the%20lastUpdateTime%20property%2C%20so%20I%20turn%20to%20you%20for%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInfo%20from%20MS%20about%20the%20API%20call%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fapi-list-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fapi-list-incidents%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdit%3A%20I%20am%20checking%20the%20lastUpdateTime%20field%2C%20of%20course%2C%20to%20verify%20it%20has%20been%20updated.%20If%20it%20was%20not%20clear%2C%20I%20am%20wondering%20which%20other%20fields%20might%20change%20if%20it%20has%20been%20updated.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Visitor

Hi!

 

I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and if it is, if it also has been updated since last time.

 

My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. I am hoping that if it has been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.

 

I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.

 

Info from MS about the API call: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide

 

Edit: I am checking the lastUpdateTime field, of course, to verify it has been updated. If it was not clear, I am wondering which other fields might change if it has been updated.

0 Replies