Latest Discussions
How to get maximum scores by control Category?
Hi everyone, I am starting to use the MS Graph connector from Power BI and I am trying to reproduce a very simple graph. I can get almost all the data except the maximum score per control category. In the next picture I can obtain 24/502, but for each category I'm able to obtain the score but not the maximum. For example, identity (18/223): I can obtain the score 18 but not the maximum 223.
Thanks in advance,
Luis
Solved | lvillara | Dec 23, 2021 | Copper Contributor | 1.2K Views | 0 likes | 2 Comments

ID of the Resource that generated the Secure Score Control
How can I identify what resource is the one that generated a specific Control Score? For example, consider the payload:
{
  "controlCategory": "Identity",
  "controlName": "BlockLegacyAuthentication",
  "description": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.\n\nYou have 6 of 6 users that don't have legacy authentication blocked.",
  "score": 0,
  "total": "6",
  "count": "6"
}
How do I know which users have problems? Thanks!
Solved | igventurelli | Jun 09, 2020 | Copper Contributor | 904 Views | 1 like | 1 Comment

Inaccurate Graph API Results
For some odd reason the results that I am getting from the Graph Security API the past two days are inaccurate and I can't for the life of me figure out why. If I query https://graph.microsoft.com/v1.0/security/alerts I am returned 7 old alerts without any obvious relationship, rhyme, or reason for populating my results. These are not the 7 most recent, and we have had more than 7 alerts. For example, when attempting to append $filter=vendorInformation/provider eq 'Microsoft Defender ATP' I receive:
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Security/alerts",
  "value": []
}
This issue appears to extend for me across all of the MTP services. I can see the alerts within MDATP, and others like MCAS and ASC, for example, when navigating directly to those portals or querying their platform-specific APIs, like https://api-us.securitycenter.windows.com/api/alerts. I am getting data returned, it is just not the right data. I am utilizing a Postman App registration with the SecurityEvents.Read.All and SecurityEvents.ReadWrite.All "Granted for MYDOMAIN". I feel like I am missing something here. Anyone else having issues? More than happy to share additional details that would be useful.
UPDATE 04/01/2020 - I run the exact same queries and am receiving the correct results after letting things sit overnight. This leads me to believe that there was something service health related. Any tips on running things like that down in the future?
Solved | kylemiller061 | Apr 01, 2020 | Brass Contributor | 1.8K Views | 0 likes | 1 Comment

Fetch Azure Sentinel Incidents Via API
Hi, I want to fetch incidents from Azure Sentinel via API. As Sentinel doesn't have an API, I have to use the Graph API. I need a sample or endpoint. Any advice or document suggestion would be appreciated.
Best,
Yasemen
Solved | jojo_the_coder | Mar 17, 2020 | Copper Contributor | 14K Views | 0 likes | 14 Comments

change permission
I am not sure if this space is correct to ask my question. I am an administrator of Office 365 in an organization, and want to collect Teams presence information of our staff. I can obtain my own presence info in JSON format using Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer), though I cannot get my staff's presence information. Graph Explorer shows status code 403.
Question - How can I get another person's presence information?
GE shows the following error.
{
  "error": {
    "code": "Forbidden",
    "message": "Insufficient user permissions, cannot access this API.",
    "innerError": {
      "request-id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "date": "2020-03-03T08:58:13"
    }
  }
}
Solved | toshikane | Mar 03, 2020 | Copper Contributor | 1.2K Views | 0 likes | 2 Comments

Azure Advanced Threat Protection alerts
Hi, does the security alerts API read alerts from Azure ATP?
Solved | Jordi Marchán Martínez | Jul 30, 2019 | Copper Contributor | 1.5K Views | 0 likes | 2 Comments

IPC alerts don't update using the API
Our customers are trying to modify or resolve their alerts from the IPC provider but nothing happens; the rest of the providers work fine. Is there any problem with the IPC alerts? The API returns a 404 error.
Solved | Jordi Marchán Martínez | Jul 02, 2019 | Copper Contributor | 1.2K Views | 0 likes | 3 Comments

/security/alerts not returning data value: []
All our customers now return value:[]. We had data yesterday. Rechecked many tenants against their Azure AD Identity Protection and they DO have recent alerts. Not returned by Graph API.
Solved | crodriguez1 | Jun 12, 2019 | Brass Contributor | 810 Views | 0 likes | 2 Comments

Security Graph API beta securityAction
Hi guys, I see that Microsoft has a new Graph API (beta) that handles security actions. What are those security actions? Are they vendor specific? What are the available actions? Should I purchase a product in order to have those actions available?
Thanks,
Solved | oferdit | Jun 03, 2019 | Copper Contributor | 1K Views | 0 likes | 1 Comment