Get Security Alerts (GET Collection)
Updated: July 12, 2016
Retrieves all alerts for the subscription. Alerts that originate from a specific VM (such as antimalware) will have an ID under the same RG as the VM; Alerts which are not related to a resource in the subscription, but are relevant in the entire subscription scope (such as Compromised Account Alert) will have an ID directly under the subscription score (no RG).
Request
Method |
Request Uri |
---|---|
GET |
https://<endpoint>/subscriptions/{subscriptionId}/providers/microsoft.Security/alerts?api-version={api-version} |
Request Uri Parameters
Parameter |
Description |
---|---|
subscriptionId |
The subscription id |
Api-version |
The version of the Security RP protocol used for this request |
Request Headers
Common request headers only.
Request body
None.
Response
Status code
If successful, the operation returns HTTP status code of 200 (OK).
Response body
{
"value": [
{
"id": "/subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Security/alerts/{id}",
"name": "{id}",
"type": "Microsoft.Security/alerts",
"properties": {
"state": "Active",
"reportedTimeUtc": "2015-08-25T04:17:00Z",
"providerName": "Alert Provider Name",
"vendorName": "Vendor name",
"alertName": "Alert Name",
"detectedTimeUtc": "2015-08-23T00:00:00Z",
"description": "Alert description",
"remediationSteps": "…",
"actionTaken": "Detected",
"reportedSeverity": "Low",
"compromisedEntity": "…",
"associatedResource": "{associated resource id}",
"extendedProperties": {
}
}
},
{
"id": "/subscriptions/{id}/providers/Microsoft.Security/alerts/{id}",
"name": "{id}",
"type": "Microsoft.Security/alerts",
"properties": {
"state": "Active",
"reportedTimeUtc": "2015-08-25T04:17:00Z",
"providerName": "Alert Provider Name",
"vendorName": "Vendor name",
"alertDisplayName": "Display Name",
"alertName": "Alert Name",
"detectedTimeUtc": "2015-08-23T00:00:00Z",
"description": "Alert description",
"remediationSteps": "…",
"actionTaken": "Detected",
"reportedSeverity": "Low",
"compromisedEntity": "…",
"associatedResource": "{associated resource id}",
"extendedProperties": {
}
}
}
]}