List Incidents
Description

Retrieve and monitor incidents from Microsoft 365 Defender for tracking and managing organizational attacks.

Endpoint

URL: `/v1.0/security/incidents`
Method: GET

Inputs

- parameters (object)
  - $count (string): Retrieves the total count of matching resources.
  - $skip (number): Indexes into a result set. Also used by some APIs to implement paging and can be used together with $top to manually page results.
  - $top (number): Sets the page size of results.
  - $expand (string): Retrieves related resources.
  - $filter (string): Use the filter query parameter to retrieve just a subset of a collection. For guidance on using filter, see https://learn.microsoft.com/en-us/graph/filter-query-parameter

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Transfer-Encoding": "chunked",
      "Content-Type": "application/json",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "Strict-Transport-Security": "max-age=31536000",
      "request-id": "8beed643-f868-4fd0-9e15-e0db4c50383e",
      "client-request-id": "8beed643-f868-4fd0-9e15-e0db4c50383e",
      "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"Brazil South\",\"Slice\":\"E\",\"Ring\":\"3\",\"ScaleUnit\":\"001\",\"RoleInstance\":\"CP1PEPF00003034\"}}",
      "Date": "Tue, 27 Dec 2022 21:12:51 GMT"
    },
    "reason": "OK",
    "json_body": {
      "value": [
        {
          "@odata.type": "#microsoft.graph.security.incident",
          "id": "2972395",
          "incidentWebUrl": "https://security.microsoft.com/incidents/2972395?tid=12f988bf-16f1-11af-11ab-1d7cd011db47",
          "redirectIncidentId": null,
          "tenantId": "b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c",
          "displayName": "Multi-stage incident involving Initial access & Command and control on multiple endpoints reported by multiple sources",
          "createdDateTime": "2021-08-13T08:43:35.5533333Z",
          "lastUpdateDateTime": "2021-09-30T09:35:45.1133333Z",
          "assignedTo": "kaic@contoso.onmicrosoft.com",
          "classification": "truePositive",
          "determination": "multiStagedAttack",
          "status": "active",
          "severity": "medium",
          "customTags": [
            "Demo"
          ],
          "comments": [
            {
              "comment": "Demo incident",
              "createdBy": "davids@contoso.onmicrosoft.com",
              "createdTime": "2021-09-30T12:07:37.2756993Z"
            }
          ]
        }
      ]
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - value (array)
    - @odata.type (string)
    - id (string)
    - incidentWebUrl (string)
    - redirectIncidentId (object)
    - tenantId (string)
    - displayName (string)
    - createdDateTime (string)
    - lastUpdateDateTime (string)
    - assignedTo (string)
    - classification (string)
    - determination (string)
    - status (string)
    - severity (string)
    - customTags (array)
    - comments (array)
      - comment (string)
      - createdBy (string)
      - createdTime (string)

Response headers

| Header | Type |
| --- | --- |
| Transfer-Encoding | string |
| Content-Type | string |
| Content-Encoding | string |
| Vary | string |
| Strict-Transport-Security | string |
| request-id | string |
| client-request-id | string |
| x-ms-ags-diagnostic | string |
| Date | string |