Fetch – Alerts API (Microsoft)

0
(0)

Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Run the GET request to fetch the alert matching the specified primary key.

HTTP request

HTTP

GET /api/v1/alerts/<pk>/

Request URL parameters

Parameter Description
pk The ID of the alert

Example

Request

Here is an example of the request.

HTTP

curl -XGET -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/<pk>/"

Response

Returns the specified alert in JSON format. For detailed information on each property, refer to the alert properties specifications.

JSON

{
  "_id": "603f704aaf7417985bbf3b22",
  "contextId": "206e2965-6533-48a6-ba9e-794364a84bf9",
  "description": "Contoso user performed 11 suspicious activities MITRE Technique used Account Discovery (T1087) and subtechnique used Domain Account (T1087.002)",
  "entities": [
    {
      "entityRole": "Source",
      "entityType": 2,
      "id": "6204bdaf-ad46-4e99-a25d-374a0532c666",
      "inst": 0,
      "label": "user1",
      "pa": "[email protected]",
      "saas": 11161,
      "type": "account"
    },
    {
      "entityRole": "Related",
      "id": "55017817-27af-49a7-93d6-8af6c5030fdb",
      "label": "DC3",
      "type": "device"
    },
    {
      "id": 20940,
      "label": "Active Directory",
      "type": "service"
    },
    {
      "entityRole": "Related",
      "id": "95c59b48-98c1-40ff-a444-d9040f1f68f2",
      "label": "DC4",
      "type": "device"
    },
    {
      "id": "5bfd18bfab73c36ba10d38ca",
      "label": "Honeytoken activity",
      "policyType": "ANOMALY_DETECTION",
      "type": "policyRule"
    },
    {
      "entityRole": "Source",
      "id": "34f3ecc9-6903-4df7-af79-14fe2d0d4553",
      "label": "Client1",
      "type": "device"
    },
    {
      "entityRole": "Related",
      "id": "d68772fe-1171-4124-9f73-0f410340bd54",
      "label": "DC1",
      "type": "device"
    },
    {
      "type": "groupTag",
      "id": "5f759b4d106abbe4a504ea5d",
      "label": "All Users"
    }
  ],
  "idValue": 15795464,
  "isSystemAlert": false,
  "resolutionStatusValue": 0,
  "severityValue": 1,
  "statusValue": 1,
  "stories": [
    0
  ],
  "threatScore": 34,
  "timestamp": 1621941916475,
  "title": "Honeytoken activity",
  "comment": "",
  "handledByUser": "[email protected]",
 "resolveTime": "2021-05-13T14:02:34.904Z",
  "URL": "https://contoso.portal.cloudappsecurity.com/#/alerts/603f704aaf7417985bbf3b22"
}

If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 9 times, 1 visits today)
Tagged: