Get User Related Alerts

5 min

description retrieve alerts linked to a specific user in microsoft defender by using the unique 'user' identifier endpoint url /api/users/{{id}}/alerts method get inputs path parameters (object) – required id (string) – required the id is not the full upn, but only the user name (for example, to retrieve alerts for user1\@contoso com mailto\ user1\@contoso com use /api/users/user1/alerts) output output parameters status code (number) reason (string) json body (object) @odata context (string) value (array) id (string) incidentid (number) investigationid (object) assignedto (object) severity (string) status (string) classification (object) determination (object) investigationstate (string) detectionsource (string) detectorid (string) category (string) threatfamilyname (object) title (string) description (string) alertcreationtime (string) firsteventtime (string) lasteventtime (string) lastupdatetime (string) resolvedtime (object) machineid (string) computerdnsname (string) rbacgroupname (object) aadtenantid (string) threatname (object) mitretechniques (array) relateduser (object) username (string) domainname (string) loggedonusers (array) accountname (string) domainname (string) comments (array) evidence (array) entitytype (string) evidencecreationtime (string) sha1 (object) sha256 (object) filename (object) filepath (object) processid (object) processcommandline (object) processcreationtime (object) parentprocessid (object) parentprocesscreationtime (object) parentprocessfilename (object) parentprocessfilepath (object) ipaddress (object) url (string) registrykey (object) registryhive (object) registryvaluetype (object) registryvalue (object) registryvaluename (object) accountname (object) domainname (object) usersid (object) aaduserid (object) userprincipalname (object) detectionstatus (object) domains (array) response headers header type date string content type string transfer encoding string connection string content encoding string vary string odata version string strict transport security string