Forum Discussion
Creighton Medley
Sep 11, 2018
Copper Contributor
Is there a bug in filtering by severity?
The sample works (using fake data)
https://graph.microsoft.com/beta/security/alerts?filter=Severity eq 'High'&$top=5
But if I use the same call with a bearer token, it returns ->
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/alerts",
  "value": []
}
(same for Medium, Low and just in case, tried high, medium and low)
If I make up a severity name, it returns ->
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "request-id": "20fbaaca-8f2c-4c86-9d2c-f990ca3cfe86",
      "date": "2018-09-11T15:47:23"
    }
  }
}
So I'm thinking it is a bug ... does filtering by severity work for anyone else?
- Creighton, we have resolved the bug that surfaced due to the recent Alert Schema update. Please verify that it now works correctly. Thank you again for your feedback.
- Edward Koval
Microsoft
Creighton, when using your bearer token are you getting alerts back without filter? i.e. https://graph.microsoft.com/beta/security/alerts
- Creighton Medley
Copper Contributor
Yes ... the alerts work if I remove the filter
I can add other arguments like ?$orderby=eventDateTime+desc and it works as expected
Just returns [] when filtering by severity
- Edward Koval
Microsoft
Thank you for your feedback. A bug report has been filed, and the team is investigating the root cause of this issue.