![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 16%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,716 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 46%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)
Hi @Alex H ,
Thanks for reaching out.
I am unable to reproduce this issue. As per the documentation, I have tried to get the security alerts where the feedback = truePosstive and I am getting the expected response from graph API: GET https://graph.microsoft.com/v1.0/security/alerts?$filter=feedback eq 'truePostive'.
As you have mentioned you are getting the response for feedback eq null, can you please check whether you have the security alerts where feedback = truePositive in your tenant. You can check it by updating one of the alert's feedback=truePosstive and confirm whether you are getting it in response.
Also please refer this documentation for more details about filter query parameter for security alert.
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.