Fetch Microsoft Security Alerts for a specific user

236 Views Asked by Barry Rosenberg At 18 May 2025 at 16:59

I'm trying to use the Microsoft Graph Security API to fetch security alerts for a specific user. It looks like I should be using the filter parameter. But I can't figure out the property to search on. I can't find the common schema defined anywhere. Only finding generic documentation like this https://learn.microsoft.com/en-us/graph/query-parameters#filter-parameter Is there a schema that I can reference?

Original Q&A

There are 1 best solutions below

user2250152 On 15 March 2022 at 07:58

If you want to get a name of the analyst the alert is assigned to for triage, investigation, or remediation then you can use assignedTo property.

Filter by analyst name

GET https://graph.microsoft.com/v1.0/security/alerts?$filter=assignedTo eq '{analyst_name}'

If you want to get security-related stateful information generated by the provider about the user accounts related to alerts then you can use userStates property.

Filter by user related to the alerts

GET https://graph.microsoft.com/v1.0/security/alerts?$filter=userStates/any(d:d/userPrincipalName eq '{user_mail}')

Resources:

Alert resource type

Fetch Microsoft Security Alerts for a specific user

There are 1 best solutions below

Related Questions in MICROSOFT-GRAPH-API

Related Questions in MICROSOFT-GRAPH-SECURITY

Trending Questions

Popular # Hahtags

Popular Questions