Hi,
I am using the Azure CLI to query Security Alerts, which works fine, but the alert details are masked with asterisks, e.g.
[..]
"ExtendedProperties": {
"Alert Id": "************************************",
"Client IP address": "***************",
"Client IP location": "*************",
"Client application": "**************************************",
"Client hostname": "***********",
"Client principal name": "*******************************",
"Domain name": "********************",
"Investigation steps": "******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************",
"KillChainIntent": "*************",
"Potential causes": "*************************************************",
"resourceType": "************"
},
[..]
You can reproduce this using for example "az graph query -q "securityresources | where type =~ 'microsoft.security/locations/alerts' | where properties.StartTimeUtc >= ago(1d) | where properties.Status in ('Active')" in the Cloudshell.
How can I unmask these or what setting is masking them?