Share via


Get Security Alerts (GET Collection)

 

Updated: July 12, 2016

Retrieves all alerts for the subscription. Alerts that originate from a specific VM (such as antimalware) will have an ID under the same RG as the VM; Alerts which are not related to a resource in the subscription, but are relevant in the entire subscription scope (such as Compromised Account Alert) will have an ID directly under the subscription score (no RG).

Request

Method

Request Uri

GET

https://<endpoint>/subscriptions/{subscriptionId}/providers/microsoft.Security/alerts?api-version={api-version}

Request Uri Parameters

Parameter

Description

subscriptionId

The subscription id

Api-version

The version of the Security RP protocol used for this request

Request Headers

Common request headers only.

Request body

None.

Response

Status code

If successful, the operation returns HTTP status code of 200 (OK).

Response body

{
    "value": [
        {
            "id": "/subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Security/alerts/{id}",
            "name": "{id}",
            "type": "Microsoft.Security/alerts",
            "properties": {
                "state": "Active",
                "reportedTimeUtc": "2015-08-25T04:17:00Z",
                "providerName": "Alert Provider Name",
                "vendorName": "Vendor name",
                "alertName": "Alert Name",
                "detectedTimeUtc": "2015-08-23T00:00:00Z",
                "description": "Alert description",
                "remediationSteps": "…",
                "actionTaken": "Detected",
                "reportedSeverity": "Low",
                "compromisedEntity": "…",
                "associatedResource": "{associated resource id}",
                "extendedProperties": {
                }
            }
        },

   {
            "id": "/subscriptions/{id}/providers/Microsoft.Security/alerts/{id}",
            "name": "{id}",
            "type": "Microsoft.Security/alerts",
            "properties": {
                "state": "Active",
                "reportedTimeUtc": "2015-08-25T04:17:00Z",
                "providerName": "Alert Provider Name",
                "vendorName": "Vendor name",
                "alertDisplayName": "Display Name",
                "alertName": "Alert Name",
                "detectedTimeUtc": "2015-08-23T00:00:00Z",
                "description": "Alert description",
                "remediationSteps": "…",
                "actionTaken": "Detected",
                "reportedSeverity": "Low",
                "compromisedEntity": "…",
                "associatedResource": "{associated resource id}",
                "extendedProperties": {
                }
            }
        }
]}

See Also

Alerts
Security Resource Provider REST API Reference