Dismiss Security Center Alert using Graph API


I have already looked into some of the answers but didn't find the right solutions. Is there any way we can dismiss the alert in Azure Security Center using Microsoft Graph API or by any other means? I don't want to suppress any rule. I simply want to dismiss the alert. I have looked into some of the Microsoft documentation but didn't find the way to achieve this.

Please let me know if anybody knows how to do that.

Thanks!

There are 2 answers

2
Peter Bons On BEST ANSWER

Sure. As most Azure services do, there is an API for Security Center as well.

You are probably looking for the endpoint that sets the status of an alert to dismissed.

0
Marcel On

I had to do this while tuning our Adaptive Application Control rules. With a large number of subscriptions, there were thousands, and it didn't make sense to do manually, so I wrote the following script.

Calls to the List method only return a maximum of 100 results at a time. If there are more than 100, the results from Invoke-RestMethod will include a nextLink property, which will allow you to query again for the next page of results.

This script will allow you to dismiss Security Alerts in Microsoft Defender for Cloud based on the alertType across a subscription: https://gist.github.com/grimstoner/a14cc5dfdd1e25f7e1318face67f1c34
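
The paging and dismiss-by-alertType flow described in the answer above, as an added example; it is not the linked gist and not code from either answerer. Assumptions: the Azure Resource Manager `Microsoft.Security` alerts endpoints with api-version `2022-01-01`, a bearer token for `https://management.azure.com` supplied by the caller, and the hypothetical function names `Get-DefenderAlert` and `Set-DefenderAlertDismissed`.

```powershell
# Added example. Assumed: api-version 2022-01-01 and a caller-supplied ARM bearer token.
function Get-DefenderAlert {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $AccessToken,
        [string] $ApiVersion = '2022-01-01'
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $uri = "https://management.azure.com/subscriptions/$SubscriptionId" +
           "/providers/Microsoft.Security/alerts?api-version=$ApiVersion"
    while ($uri) {
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        $page.value            # emit this page's alerts to the pipeline
        $uri = $page.nextLink  # absent on the last page, which ends the loop
    }
}

function Set-DefenderAlertDismissed {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $AlertType,
        [string] $ApiVersion = '2022-01-01'
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    # Match one alertType exactly and skip alerts that are already dismissed.
    $targets = Get-DefenderAlert -SubscriptionId $SubscriptionId `
                                 -AccessToken $AccessToken -ApiVersion $ApiVersion |
        Where-Object { $_.properties.alertType -eq $AlertType -and
                       $_.properties.status -ne 'Dismissed' }
    foreach ($alert in $targets) {
        # $alert.id is the full ARM resource id, including its location segment.
        $dismissUri = "https://management.azure.com$($alert.id)/dismiss?api-version=$ApiVersion"
        if ($PSCmdlet.ShouldProcess($alert.id, 'Dismiss alert')) {
            Invoke-RestMethod -Method Post -Uri $dismissUri -Headers $headers | Out-Null
            # Emit a record of each dismissal so the run can be logged or exported.
            [pscustomobject]@{ AlertId = $alert.id; AlertType = $AlertType; Dismissed = $true }
        }
    }
}

# Dry run: shows which alerts would be dismissed without calling the dismiss action.
# Set-DefenderAlertDismissed -SubscriptionId '<subscription-id>' -AccessToken $token `
#     -AlertType '<alertType>' -WhatIf
```

Running with `-WhatIf` first and exporting the emitted objects (for example with `Export-Csv`) keeps a record of exactly which alerts a bulk dismissal touched.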