Can't find any doco to get security incidents using graph API

Johnny Silverhand 1 Reputation point
2022-05-10T15:19:34.227+00:00

Azure AD app has permission https://graph.microsoft.com/SecurityIncident.Read.All

JWT token has the required role SecurityIncident.Read.All

"roles": [
"SecurityEvents.Read.All",
"SecurityAlert.Read.All",
"ServiceMessage.Read.All",
"SecurityIncident.Read.All",
"SecurityActions.Read.All",
"ThreatAssessment.Read.All",
"AuditLog.Read.All",
"ServiceHealth.Read.All",
"ThreatIndicators.Read.All",
"ThreatHunting.Read.All"
],

However, there is absolutely no documentation at all on how to get the SecurityIncidents using the Graph Security API, only the 365 Defender API. So how is it possible to get Security Incidents from the Graph Security API?

The documentation on graph API is so poor!

After hours I have found this: https://graphpermissions.merill.net/permission/SecurityIncident.Read.All.html so it is not even possible to use the permissions that I gave the App? What a mess! And I find out from a 3rd party, not Microsoft.


1 answer

  1. RajeshKumarMSFT 1,971 Reputation points Microsoft Vendor
    2022-05-11T11:47:21.07+00:00

    Hi @Johnny Silverhand ,

    Hope you are doing well.

    You can use Alerts to notify security issues using Graph Security API.
    Alerts are potential security issues within a customer's tenant that Microsoft or partner security solutions have identified and flagged for action or notification. With the Microsoft Graph Security alerts entity.

    Refer to the links below for more details:
    https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0
    https://learn.microsoft.com/en-us/graph/api/resources/alert?view=graph-rest-1.0
    https://learn.microsoft.com/en-us/graph/permissions-reference#all-permissions-and-ids

    Hope this helps.
    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".

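A diagnostic sketch for the situation in this thread, added here as an example and not code from either poster or from Microsoft: it reads the `roles` claim out of an app-only token and refuses to build the alerts request when the needed role is absent, which separates a consent problem from a missing endpoint. The endpoint URL and the `SecurityEvents.Read.All` role are assumptions taken from Microsoft's documentation of the linked alert resource; the helper names and the sample token are constructed.

```python
import base64
import json
import urllib.request

# Assumption: list endpoint for the "alert" resource linked in the answer.
ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"
# Assumption: application role that endpoint accepts for read access.
ALERTS_ROLE = "SecurityEvents.Read.All"

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_roles(jwt):
    """Return the app roles in a token payload. The signature is NOT
    verified: use this for troubleshooting, never for authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = json.loads(_b64url_decode(parts[1]))
    roles = payload.get("roles", [])  # delegated tokens carry "scp" instead
    if not isinstance(roles, list):
        raise ValueError("roles claim is not a list")
    return set(roles)

def missing_roles(jwt, required=(ALERTS_ROLE,)):
    """Roles the call needs that the token does not carry, sorted."""
    return sorted(set(required) - token_roles(jwt))

def build_alerts_request(jwt, top=5):
    """Build (but do not send) the GET request for the newest alerts."""
    missing = missing_roles(jwt)
    if missing:
        raise PermissionError("token lacks roles: " + ", ".join(missing))
    return urllib.request.Request(
        f"{ALERTS_URL}?$top={top}",
        headers={"Authorization": f"Bearer {jwt}", "Accept": "application/json"},
    )

def constructed_token(roles):
    """Build an unsigned sample token (constructed, not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    token = constructed_token(["SecurityEvents.Read.All", "SecurityIncident.Read.All"])
    print(sorted(token_roles(token)))
    print(build_alerts_request(token).full_url)
```

With a real token, pass the request to `urllib.request.urlopen` and read the `value` array from the JSON response.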