Share via

API to retrieve DLP alerts along with relevant details

Paul, Tanmoy 1 Reputation point
2024-02-01T11:13:15.8433333+00:00

Hello, Is there a way to programmatically retrieve DLP alerts and associated details from Microsoft Purview? We want to export the alerts and forensic data into our own dashboard (rather than using Defender or Sentinel).

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,279 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,224 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Debarchan Sarkar - MSFT 1,131 Reputation points Microsoft Employee
    2024-02-04T08:21:55.52+00:00

    There's no specific direct way to programmatically retrieve DLP (Data Loss Prevention) alerts and associated details from Microsoft Purview. Microsoft Purview primarily focuses on data governance, including cataloging, classification, and protection of data, but it doesn't directly manage or provide APIs for DLP alerts. If you're looking to integrate DLP alerts into another dashboard or system, you might need to look into options provided by Microsoft 365 Compliance Center, which manages DLP policies and alerts. You may be able to use Microsoft Graph API's alert methods to list, create, get, update, and delete alerts from the security and compliance alert collection. However, please note that these APIs might not provide all forensic details related to DLP policy matches, so you will need to check their documentation thoroughly to ensure they meet your requirements.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.