Why don't Microsoft Sentinel alerts appear in the Graph API?


Why, when I query the Graph API to get all the security alerts, are Microsoft Sentinel alerts not present? Is there some configuration to do? I have the same result with both the alerts and alerts_v2 endpoints.


Answer by Venkatesan

Why don't Microsoft Sentinel alerts appear in the Graph API?

To get the list of alert v2 resources, you need either the SecurityAlert.Read.All or the SecurityAlert.ReadWrite.All application permission.

In my environment, I created an application with the name testvenkat and added the SecurityAlert.Read.All permission.


Using the above application, I created an access-token with the client credential flow through Postman.

Postman:

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/.default
grant_type:client_credentials


Now, using the above access token, I am able to get the security alerts v2 through the endpoints.


Reference: List alerts_v2 - Microsoft Graph v1.0 | Microsoft Learn
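
The same flow as a script, added here as an example and not taken from the answer: it requests the token, reads the token's `roles` claim to confirm that SecurityAlert.Read.All or SecurityAlert.ReadWrite.All was actually granted, pages through alerts_v2, and counts alerts per `serviceSource`, so a permission problem can be told apart from a response that simply contains no alerts from Sentinel. Assumptions: a `tenant_id` parameter replaces `common` in the token URL, the access token is a JWT whose payload can be decoded for inspection, `microsoftSentinel` is the `serviceSource` value Graph uses for Sentinel alerts, and the sample alerts are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

ALERTS_V2 = "https://graph.microsoft.com/v1.0/security/alerts_v2"
REQUIRED_ROLES = {"SecurityAlert.Read.All", "SecurityAlert.ReadWrite.All"}

def get_token(tenant_id, client_id, client_secret):
    """Client credentials flow: form-encoded POST to the token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials"}).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Read the 'roles' claim from the JWT payload (inspection only, unverified)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def list_alerts(access_token):
    """Fetch every page of alerts_v2, following @odata.nextLink."""
    url, alerts = ALERTS_V2, []
    while url:
        req = urllib.request.Request(
            url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return alerts

def diagnose(roles, alerts):
    """Say whether the token may read alerts and count alerts per serviceSource."""
    by_source = Counter(a.get("serviceSource", "unknown") for a in alerts)
    return {"has_permission": bool(set(roles) & REQUIRED_ROLES),
            "by_source": dict(by_source),
            "sentinel_alerts": by_source.get("microsoftSentinel", 0)}

# Constructed sample, shaped like the "value" array of an alerts_v2 response.
SAMPLE_ALERTS = [{"id": "a1", "serviceSource": "microsoftDefenderForEndpoint"},
                 {"id": "a2", "serviceSource": "microsoftDefenderForEndpoint"}]

if __name__ == "__main__":
    print(diagnose({"SecurityAlert.Read.All"}, SAMPLE_ALERTS))
```

Against a live tenant, call `diagnose(token_roles(tok), list_alerts(tok))` with `tok = get_token(...)`; keep the client secret out of source control and shell history.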