List Alerts
Description
Retrieve security alerts from the Microsoft Graph Security API to monitor potential threats and anomalies.

Endpoint
URL: /v1.0/security/alerts_v2
Method: GET

Inputs
parameters (object)
  $count (string): Retrieves the total count of matching resources.
  $skip (number): Indexes into a result set. Also used by some APIs to implement paging and can be used together with $top to manually page results.
  $top (number): Sets the page size of results.
  $filter (string): Use the filter query parameter to retrieve just a subset of a collection. For guidance on using filter, see https://learn.microsoft.com/en-us/graph/filter-query-parameter

Output
status code (number)
reason (string)
json body (object)
  @odata.context (string)
  value (array)
    id (string)
    provideralertid (string)
    incidentid (string)
    status (string)
    severity (string)
    classification (string)
    determination (string)
    servicesource (string)
    detectionsource (string)
    productname (string)
    detectorid (string)
    tenantid (string)
    title (string)
    description (string)
    recommendedactions (string)
    category (string)
    assignedto (string)
    alertweburl (string)
    incidentweburl (string)
    actordisplayname (object)
    threatdisplayname (object)
    threatfamilyname (object)
    mitretechniques (array)
    createddatetime (string)
    lastupdatedatetime (string)
    resolveddatetime (object)
    firstactivitydatetime (string)
    lastactivitydatetime (string)
    systemtags (array)
      file name (string) – required
      file (string) – required
    alertpolicyid (object)
    additionaldata (object)
    comments (array)
      file name (string) – required
      file (string) – required
    evidence (array)
      @odata.type (string)
      createddatetime (string)
      verdict (string)
      remediationstatus (string)
      remediationstatusdetails (object)
      roles (array)
        file name (string) – required
        file (string) – required
      detailedroles (array)
        file name (string) – required
        file (string) – required
      tags (array)
        file name (string) – required
        file (string) – required
      primaryaddress (string)
      displayname (string)
      useraccount (object)
        accountname (string)
        domainname (string)
        usersid (string)
        azureaduserid (string)
        userprincipalname (string)
        displayname (string)
      networkmessageid (string)
      internetmessageid (string)
      subject (string)
      language (string)
      senderip (string)
      recipientemailaddress (string)
      antispamdirection (object)
      deliveryaction (string)
      deliverylocation (string)
      urn (string)
      threats (array)
      threatdetectionmethods (array)
      urls (array)
      urlcount (number)
      attachmentscount (number)
      receiveddatetime (string)
      p1sender (object)
        emailaddress (string)
        displayname (object)
        domainname (string)
      p2sender (object)
        emailaddress (string)
        displayname (string)
        domainname (string)
      stream (object)
      detectionstatus (object)
      mdedeviceid (object)
      filedetails (object)
        sha1 (object)
        sha256 (string)
        filename (string)
        filepath (object)
        filesize (object)
        filepublisher (object)
        signer (object)
        issuer (object)
      url (string)
      clusterby (string)
      clusterbyvalue (string)
      query (string)
      emailcount (number)
      networkmessageids (array)

Response headers
Header                      Type
Transfer-Encoding           string
Content-Type                string
Content-Encoding            string
Vary                        string
Strict-Transport-Security   string
request-id                  string
client-request-id           string
x-ms-ags-diagnostic         string
OData-Version               string
Date                        string
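
Manual paging with $top and $skip, combined with a $filter on severity, as an added example that is not part of the connector's own code. The output keys status_code, reason and json_body, the fake_fetch transport and the sample alerts are assumptions constructed for illustration.

```python
from urllib.parse import urlencode, quote, urlsplit, parse_qs

ENDPOINT = "/v1.0/security/alerts_v2"  # endpoint documented on this page

def build_query(odata_filter=None, top=50, skip=0):
    """Map the action's $filter/$top/$skip inputs to a request path."""
    params = {"$top": top, "$skip": skip}
    if odata_filter:
        params["$filter"] = odata_filter
    # Percent-encode spaces but keep "$" and "'" readable in the query string.
    return ENDPOINT + "?" + urlencode(params, quote_via=quote, safe="$'")

def list_all_alerts(fetch_page, odata_filter=None, page_size=50, max_pages=100):
    """Page manually with $top/$skip until a short page comes back."""
    alerts, skip = [], 0
    for _ in range(max_pages):  # hard stop so a misbehaving backend cannot loop forever
        resp = fetch_page(build_query(odata_filter, page_size, skip))
        if resp["status_code"] != 200:  # assumed key name for "status code"
            raise RuntimeError(f"List Alerts failed: {resp['status_code']} {resp['reason']}")
        page = resp["json_body"].get("value", [])
        alerts.extend(page)
        if len(page) < page_size:  # a short (or empty) page means the set is exhausted
            break
        skip += page_size
    return alerts

# Constructed sample data standing in for the API (not real alerts).
SAMPLE = [{"id": f"constructed-{i}", "severity": sev, "status": "new"}
          for i, sev in enumerate(["high", "low", "high", "medium", "high"])]

def fake_fetch(path):
    """Hypothetical offline transport: honours $top, $skip and `severity eq '<x>'` only."""
    q = parse_qs(urlsplit(path).query)
    rows = SAMPLE
    if "$filter" in q:
        wanted = q["$filter"][0].split("'")[1]
        rows = [a for a in rows if a["severity"] == wanted]
    skip, top = int(q["$skip"][0]), int(q["$top"][0])
    return {"status_code": 200, "reason": "OK",
            "json_body": {"value": rows[skip:skip + top]}}

if __name__ == "__main__":
    for alert in list_all_alerts(fake_fetch, "severity eq 'high'", page_size=2):
        print(alert["id"], alert["severity"])
```
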