Update Incident

5 min

description updates an incident's classification, determination, and custom tags in microsoft graph api using the provided incidentid endpoint url /v1 0/security/incidents/{{incidentid}} method patch inputs path parameters (object) – required incidentid (string) – required id of the incident json body (object) – required classification (string) – required determination (string) – required customtags (array) – required assignedto (string) owner of the incident, or null if no owner is assigned free editable text status (string) output example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 5 sep 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "@odata type" "#microsoft graph incident", "id" "2972395", "incidentweburl" "https //security microsoft com/incidents/2972395?tid=12f988bf 16f1 11af 11ab 1d7cd011db47", "redirectincidentid" null, "displayname" "multi stage incident involving initial access & command and control on multiple endpoints reported by multiple sources", "tenantid" "b3c1b5fc 828c 45fa a1e1 10d74f6d6e9c", "createddatetime" "2021 08 13t08 43 35 5533333z", "lastupdatedatetime" "2021 09 30t09 35 45 1133333z", "assignedto" "kaic\@contoso onmicrosoft com", "classification" "truepositive", "determination" "multistagedattack", "status" "active", "severity" "medium", "customtags" \[ "demo" ], "comments" \[ { "comment" "demo incident", "createdby" "davids\@contoso onmicrosoft com", "createdtime" "2021 09 30t12 07 37 2756993z" } ] } } ] output parameters status code (number) reason (string) json body (object) @odata type (string) id (string) incidentweburl (string) redirectincidentid (object) displayname (string) tenantid (string) createddatetime (string) lastupdatedatetime (string) assignedto (string) classification (string) determination (string) status (string) severity (string) customtags (array) comments (array) comment (string) createdby (string) createdtime (string) response headers header type content length string content type string date string

Update Alert

Update User