Get Alert Machine Information
Description: Retrieve detailed machine information linked to a Microsoft Defender alert by using the unique alert ID. The response identifies the device and includes its internal and external IP addresses, MAC addresses, risk score and exposure level.

Endpoint URL: /api/alerts/{{id}}/machine
Method: GET

Inputs
path_parameters (object) – required
  id (string) – required

Output example
[
  {
    "status_code": 200,
    "response_headers": {
      "date": "thu, 04 may 2023 13:16:32 gmt",
      "content-type": "application/json; odata.metadata=minimal; odata.streaming=true; charset=utf-8",
      "transfer-encoding": "chunked",
      "connection": "keep-alive",
      "content-encoding": "deflate",
      "vary": "accept-encoding",
      "odata-version": "4.0",
      "strict-transport-security": "max-age=15724800; includesubdomains"
    },
    "reason": "ok",
    "json_body": {
      "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#machines/$entity",
      "id": "556b3952acb0bff29816d267822305781cc183ec",
      "mergedintomachineid": null,
      "ispotentialduplication": false,
      "isexcluded": false,
      "exclusionreason": null,
      "computerdnsname": "se-pov-desktop",
      "firstseen": "2023-04-19t13:27:53.1618923z",
      "lastseen": "2023-05-04t12:47:48.3622932z",
      "osplatform": "windows10",
      "osversion": null,
      "osprocessor": "x64",
      "version": "21h2",
      "lastipaddress": "192.168.12.203",
      "lastexternalipaddress": "172.56.64.139",
      "agentversion": "10.8470.19041.2788",
      "osbuild": 19044,
      "healthstatus": "active",
      "devicevalue": "normal",
      "rbacgroupid": 0,
      "rbacgroupname": null,
      "riskscore": "medium",
      "exposurelevel": "high",
      "isaadjoined": true,
      "aaddeviceid": null,
      "machinetags": [],
      "defenderavstatus": "updated",
      "onboardingstatus": "onboarded",
      "osarchitecture": "64-bit",
      "managedby": "intune",
      "managedbystatus": "unknown",
      "ipaddresses": [
        { "ipaddress": "192.168.12.193", "macaddress": "000c2992a643", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "192.168.12.203", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "2600:1005:b02f:4873:47cb:c3e8:51e8:814f", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "2607:fb90:e388:cc1:2173:b4f0:0:4eb", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "2607:fb90:e388:cc1:5d2f:71d3:3ce6:561d", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "2600:1005:b02f:4873:4421:694:ada0:f1f5", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "2607:fb90:e388:cc1:4421:694:ada0:f1f5", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "fe80::359c:fd3a:8880:ddb6", "macaddress": "000c2992a64d", "type": "ethernet", "operationalstatus": "up" },
        { "ipaddress": "169.254.5.16", "macaddress": "147ddaa128c4", "type": "ethernet", "operationalstatus": "down" },
        { "ipaddress": "fe80::f1fc:1543:f2f4:228d", "macaddress": "147ddaa128c4", "type": "ethernet", "operationalstatus": "down" },
        { "ipaddress": "127.0.0.1", "macaddress": null, "type": "softwareloopback", "operationalstatus": "up" },
        { "ipaddress": "::1", "macaddress": null, "type": "softwareloopback", "operationalstatus": "up" }
      ],
      "vmmetadata": null
    }
  }
]

Output parameters
status_code (number)
reason (string)
json_body (object)
  @odata.context (string)
  id (string)
  mergedintomachineid (object)
  ispotentialduplication (boolean)
  isexcluded (boolean)
  exclusionreason (object)
  computerdnsname (string)
  firstseen (string)
  lastseen (string)
  osplatform (string)
  osversion (object)
  osprocessor (string)
  version (string)
  lastipaddress (string)
  lastexternalipaddress (string)
  agentversion (string)
  osbuild (number)
  healthstatus (string)
  devicevalue (string)
  rbacgroupid (number)
  rbacgroupname (object)
  riskscore (string)
  exposurelevel (string)
  isaadjoined (boolean)
  aaddeviceid (object)
  machinetags (array)
    file_name (string) – required
    file (string) – required
  defenderavstatus (string)
  onboardingstatus (string)
  osarchitecture (string)
  managedby (string)
  managedbystatus (string)
  ipaddresses (array)
    ipaddress (string)
    macaddress (object)
    type (string)
    operationalstatus (string)
  vmmetadata (object)
Response headers

| Header | Type |
| --- | --- |
| date | string |
| content-type | string |
| transfer-encoding | string |
| connection | string |
| content-encoding | string |
| vary | string |
| odata-version | string |
| strict-transport-security | string |