How to get audit logs of Microsoft Defender for Endpoint using REST APIs.

Pavan Bollepalli 0 Reputation points
2024-02-09T06:50:08.3833333+00:00

How to get audit logs of Microsoft Defender for Endpoint using REST APIs with start time & end time along with pagination


1 answer

  1. Catherine Kyalo 160 Reputation points Microsoft Employee
    2024-02-15T13:59:31.5866667+00:00

    Hi @Pavan Bollepalli, you can use the createdDateTime parameter, which is supported as per https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-beta&tabs=http#optional-query-parameters. Below is a sample query:

    https://graph.microsoft.com/v1.0/security/alerts_v2?$filter=createdDateTime ge 2024-02-12T12:49:01.00Z and createdDateTime le 2024-02-13T12:49:01.00Z&$top=50
    

    To apply pagination, you can use $top and parameters:

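The query from the answer above, as an added example that is not part of the original answer and not Microsoft's code: it builds the `createdDateTime` window with `$top` and collects every page. It assumes an access token obtained elsewhere and that later pages are reached by following the `@odata.nextLink` value Graph returns in each response; the function names are hypothetical.

```python
import json
import urllib.request
from datetime import timezone
from urllib.parse import quote, urlsplit

GRAPH_HOST = "graph.microsoft.com"
ALERTS_URL = f"https://{GRAPH_HOST}/v1.0/security/alerts_v2"


def _ts(dt):
    """Format a timezone-aware datetime as a UTC ISO 8601 timestamp."""
    if dt.tzinfo is None:
        raise ValueError("use timezone-aware datetimes")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_url(start, end, top=50):
    """First-page URL: createdDateTime window plus page size."""
    if start >= end:
        raise ValueError("start must be before end")
    flt = f"createdDateTime ge {_ts(start)} and createdDateTime le {_ts(end)}"
    return f"{ALERTS_URL}?$filter={quote(flt)}&$top={int(top)}"


def graph_get(url, token):
    """Default fetcher: one authenticated GET, parsed as JSON."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_alerts(start, end, token, top=50, fetch=graph_get, max_pages=1000):
    """Yield every alert in the window, following @odata.nextLink page by page."""
    url = build_url(start, end, top)
    for _ in range(max_pages):
        page = fetch(url, token)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")
        if not url:
            return
        parts = urlsplit(url)
        # Never send the bearer token to a host other than Graph.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing nextLink outside Graph: {url}")
    raise RuntimeError("max_pages reached; narrow the time window")
```

Pass `fetch` a function of your own to add retry or throttling handling without changing the paging loop.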