Microsoft Graph API missing data

leoszalkowski · ‎Jun 11 2020

I'm using the Graph API to try to query the incidents in Sentinel, however not all of the data is populating properly.

The data that is especially useful for the purpose of this API call is the following, yet they are all appearing as null. When in reality, they should be populated.

Fields appearing as null:

ClosedDateTime
Comments
Assigned
Status

Gary Bushey · ‎Jun 12 2020

@leoszalkowski A couple of things

1) The Microsoft Graph API only returns alerts, not incidents. I have been looking into the same issue when using the ServiceNow Graph API connector.

2) Cannot go into much detail but your question may be moot very soon

CliveWatson · ‎Jun 12 2020

@Gary Bushey

@leoszalkowski

If you are happy to use an api you can use the Azure Sentinel api (preview), like I show here (I use a Workbook but you can use your preferred tool): https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workb... and as Gary alludes to, things are planned for Incidents - more news soon

Direct link to latest version: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/api%20test%20v1.4.2.workbook which allows you to filter to see Comments, Bookmarks are in a seperate api.

leoszalkowski · ‎Jun 15 2020

@CliveWatson @Gary Bushey

Awesome, thanks for the information guys! I'll test this out this week and see how it performs.

Can't wait to hear the news.

Microsoft Graph API missing data

Microsoft Graph API missing data

Re: Microsoft Graph API missing data

Re: Microsoft Graph API missing data

Re: Microsoft Graph API missing data

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Microsoft Graph API missing data