Share via

Advanced Hunting API cannot query IndetityInfo table

Longfei Chen 10 Reputation points Microsoft Employee
2023-07-18T03:25:24.74+00:00

In Postman, I send POST request to https://api.securitycenter.microsoft.com/api/advancedqueries/run and the payload is as below:

{
    "Query":"IdentityInfo"
}

I got 400 Bad Request and response is as below:

{
    "error": {
        "code": "BadRequest",
        "message": "'table' operator: Failed to resolve table expression named 'IdentityInfo'. Fix semantic errors in your query.",
        "target": "|16f0c184-457c5de8428dcfb0."
    }
}

However, I can get the IdentityInfo in https://security.microsoft.com/v2/advanced-hunting?tid=15c918e9-0017-4cbb-8215-80dbc9dfc876

SCC portal snapshot

Is there some error in my Azure AD API permission configuration?

AAD API Permission snapshot

Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fiona Matu 91 Reputation points Microsoft Employee
    2024-01-30T15:14:58.8866667+00:00

    Hi @Longfei Chen , I suppose that the error you are getting is caused by the API not being able to locate the table to are trying to query out. Advanced Hunting API currently only supports a subset of tables available in the Microsoft 365 security center and that could be the case with the IdentityInfo table.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.