cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Reporting on Incidents in security portal

SocInABox
Iron Contributor

‎Jan 16 2022 12:34 PM

‎Jan 16 2022 12:34 PM

Reporting on Incidents in security portal

Hi there,

 

Is there a way to query the Incidents and alerts in the security.microsoft.com portal?

I've been exporting the alerts, which works, but using kql would be preferred.

I don't see a good way to export Incidents or to run kql against it.

Is the only way to pull it over to Sentinel and do it from the log analytics workspace?

Same for MCAS portal (defender for cloud apps)

Thank you.

1,080 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by SocInABox (Iron Contributor)
David Bjurman-Birr

‎Jun 01 2022 06:26 AM

‎Jun 01 2022 06:26 AM

Solution

Re: Reporting on Incidents in security portal

Hello,

Just saw this question while browsing. You can easily query alerts via the security API. Here's a basic example of using PowerShell to get the alerts via API: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api-hello-world?view=o365-...

David
1 Like
Reply
SocInABox

‎Jun 01 2022 07:38 AM

‎Jun 01 2022 07:38 AM

Re: Reporting on Incidents in security portal

Hi David, yes this will work.
I grant thee a like :D.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by SocInABox (Iron Contributor)
David Bjurman-Birr

‎Jun 01 2022 06:26 AM

‎Jun 01 2022 06:26 AM

Solution

Re: Reporting on Incidents in security portal

Hello,

Just saw this question while browsing. You can easily query alerts via the security API. Here's a basic example of using PowerShell to get the alerts via API: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api-hello-world?view=o365-...

David

View solution in original post

1 Like
Reply