List – Alerts API (Microsoft)

0
(0)

Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Run the GET or POST request to fetch a list of alerts matching the specified filters.

HTTP request

HTTP

GET /api/v1/alerts/
HTTP

POST /api/v1/alerts/

Request BODY parameters

Parameter Description
filters Filter objects with all the search filters for the request, see alert filters for more details
sortDirection The sorting direction. Possible values are: asc and desc
sortField Fields used to sort alerts. Possible values are:
– date: The date when then the alert was created
– severity: The severity of the alert
skip Skips the specified number of records
limit Maximum number of records returned by the request

Example

Request

Here is an example of the request.

HTTP

curl -XPOST -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/" -d '{
  "filters": {
    // some filters
  },
  "skip": 5,
  "limit": 10
  ...
}'

Response

Returns a list of alerts in JSON format. For detailed information on each property, refer to the alert properties specifications.

JSON

{
  "data": [
    {
      "_id": "603f704aaf7417985bbf3b22",
      "contextId": "206e2965-6533-48a6-ba9e-794364a84bf9",
      "description": "Contoso user performed 11 suspicious activities MITRE Technique used Account Discovery (T1087) and subtechnique used Domain Account (T1087.002)",
      "entities": [
        {
          "entityRole": "Source",
          "entityType": 2,
          "id": "6204bdaf-ad46-4e99-a25d-374a0532c666",
          "inst": 0,
          "label": "user1",
          "pa": "[email protected]",
          "saas": 11161,
          "type": "account"
        },
        {
          "entityRole": "Related",
          "id": "55017817-27af-49a7-93d6-8af6c5030fdb",
          "label": "DC3",
          "type": "device"
        },
        {
          "id": 20940,
          "label": "Active Directory",
          "type": "service"
        },
        {
          "entityRole": "Related",
          "id": "95c59b48-98c1-40ff-a444-d9040f1f68f2",
          "label": "DC4",
          "type": "device"
        },
        {
          "id": "5bfd18bfab73c36ba10d38ca",
          "label": "Honeytoken activity",
          "policyType": "ANOMALY_DETECTION",
          "type": "policyRule"
        },
        {
          "entityRole": "Source",
          "id": "34f3ecc9-6903-4df7-af79-14fe2d0d4553",
          "label": "Client1",
          "type": "device"
        },
        {
          "entityRole": "Related",
          "id": "d68772fe-1171-4124-9f73-0f410340bd54",
          "label": "DC1",
          "type": "device"
        },
        {
          "type": "groupTag",
          "id": "5f759b4d106abbe4a504ea5d",
          "label": "All Users"
        }
      ],
      "idValue": 15795464,
      "isSystemAlert": false,
      "resolutionStatusValue": 0,
      "severityValue": 1,
      "statusValue": 1,
      "stories": [
        0
      ],
      "threatScore": 34,
      "timestamp": 1621941916475,
      "title": "Honeytoken activity",
      "comment": "",
      "handledByUser": "[email protected]",
      "resolveTime": "2021-05-13T14:02:34.904Z",
      "URL": "https://contoso.portal.cloudappsecurity.com/#/alerts/603f704aaf7417985bbf3b22"
    }
  ],
  "hasNext": false,
  "max": 1,
  "total": 1,
  "moreThanTotal": false
}

If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 15 times, 1 visits today)
Tagged: