Alerts from MS Defender for Cloud not showing in MS Defender

Dominik Fischer 0 Reputation points
2023-11-15T07:28:04.86+00:00

Hello everyone,
I am trying to get some sample alerts using the Graph API. I have an Azure free trial subscription active and an account with the Global Administrator role.

I was able to generate a set of sample alerts in the Microsoft Defender for Cloud (MDC->Security Alerts->Sample Alerts). I can also GET these alerts using the legacy alerts endpoint GET https://graph.microsoft.com/v1.0/security/alerts/. 

Screenshot from 2023-11-13 18-03-55

However, when I try the v2 endpoint GET https://graph.microsoft.com/v1.0/security/alerts_v2/ I get a response with body 'value : []' as if there were no alerts at all.

Screenshot from 2023-11-13 18-08-59

I followed the answer to this question and opened the alerts menu in the MS Defender Security Center.

Screenshot from 2023-11-13 18-09-31

Does anyone have an idea how to make the v2 version of alerts work? I assume the v2 alerts are generated by the MS Defender and because I do not see any alerts there, I am also not receiving any by calling the endpoint. How can I get the alerts from MDC to MD?


1 answer

  1. Akshay-MSFT 12,311 Reputation points Microsoft Employee
    2023-11-22T06:26:37.2366667+00:00

    @Dominik Fischer

    Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you have generated sample alerts from Microsoft Defender for Cloud and are trying to list/GET those alerts via the Graph API/Microsoft Security Center console but are not able to find any.

    Please do correct me if this is not the case by responding in the comments section:

    Alerts generated by Microsoft Defender for Cloud can only be fetched via the Microsoft REST API and not the Graph API. Graph is majorly used for M365, M365 Security, MEM and Entra ID services.

    For example, to fetch sample alerts generated in Microsoft Defender for Cloud you need to use the Alerts REST API:

    To list all alerts associated with the subscription you must use Alert-List:

    https://learn.microsoft.com/en-us/rest/api/defenderforcloud/alerts?view=rest-defenderforcloud-2022-01-01
    
    
    

    The Output would look like the highlighted one below:

    User's image

    Which is a reference to the alert shown in the UI:

    User's image

    The Alerts V2 Graph API reference states: "This resource corresponds to the latest generation of alerts in the Microsoft Graph security API, representing potential security issues within a customer's tenant that Microsoft 365 Defender, or a security provider integrated with Microsoft 365 Defender, has identified."

    Also, as per "Alerts and incidents", alerts from the following security providers are available via these rich alerts and incidents:

    • Microsoft Entra ID Protection
    • Microsoft 365 Defender
    • Microsoft Defender for Cloud Apps
    • Microsoft Defender for Endpoint
    • Microsoft Defender for Identity
    • Microsoft Defender for Office 365
    • Microsoft Purview Data Loss Prevention

    Hence alerts generated by Microsoft Defender for Cloud could not be fetched.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

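The Alerts - List call the answer points to, as an added example that is not part of the original thread and is not Microsoft's code: it pages through the Azure Resource Manager endpoint with a token issued for `management.azure.com` rather than `graph.microsoft.com`. The environment variable names `AZ_SUBSCRIPTION_ID` and `AZ_ARM_TOKEN` are assumptions, and the host check on `nextLink` is a precaution added here so the bearer token is never sent to another host.

```python
import json
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2022-01-01"  # version shown in the documentation link in the answer
ARM_SCOPE = "https://management.azure.com/.default"  # token audience is ARM, not Graph


def alerts_url(subscription_id):
    """Alerts - List: every Defender for Cloud alert in one subscription."""
    return (f"{ARM}/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Security/alerts?api-version={API_VERSION}")


def http_get(url, token):
    """Default transport: GET with a bearer token issued for ARM_SCOPE."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_alerts(subscription_id, token, get=http_get):
    """Yield alerts from all pages; ARM signals further pages with 'nextLink'."""
    url = alerts_url(subscription_id)
    while url:
        if not url.startswith(ARM + "/"):
            raise ValueError(f"refusing to send token to {url}")
        page = get(url, token)
        yield from page.get("value", [])
        url = page.get("nextLink")


def summarize(alert):
    """Pick the fields an analyst usually triages on."""
    p = alert.get("properties", {})
    return (p.get("timeGeneratedUtc"), p.get("severity"), p.get("status"),
            p.get("alertDisplayName"))


if __name__ == "__main__":
    import os
    # Assumed environment variables; a token can be obtained with, for example:
    #   az account get-access-token --resource https://management.azure.com
    for a in list_alerts(os.environ["AZ_SUBSCRIPTION_ID"], os.environ["AZ_ARM_TOKEN"]):
        print(*summarize(a), sep=" | ")
```

A Graph token presented to this endpoint is rejected because its audience is wrong, which is the practical form of the split the answer describes.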