Azure Security Center List Alerts - empty results response that includes nextLink

Matthew Kracht 21 Reputation points


I'm making a call to list ASC alerts for a specific time range using the following REST API:

In the response I'm getting back a 'nextLink' attribute even though I'm not getting any results back which would be found in the 'value' attribute according to the following resource:

My initial call is GET

The 'value' attribute in the response is an empty list and the 'nextLink' value provides the URL for the next page of results:

I've gotten back a response like the above with no results and a nextLink value as many as 80 times in a row before the response no longer contains a nextLink attribute.

If I widen the time window I can get an initial response that contains results along with a nextLink value. Eventually the paginated responses will return empty results but continue to return nextLink values tens of more times.

According to the documentation I should "continue sending requests to the nextLink URL until it no longer contains a URL in the returned results" but based on the behavior I'm seeing I should ignore nextLink if I don't get any results.

Is that a correct assumption? Am I missing something valuable if I don't continue to make 80 nextLink requests that return 0 results?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,123 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Matthew Kracht 21 Reputation points

    Is there a secure way to provide you all logs? The only part I've sanitized from the request above is the subscription ID but I'm assuming this is a public forum so I'm hesitant to post explicit requests.