Get alert information by ID. The following permissions are required to run this action:
  • Alert.Read.All
  • Alert.ReadWrite.All
External DocumentationTo learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

ParameterDescription
Alert IDYour alert ID, can be retrieved from the ‘List Alerts’ action.

Workflow Library Example

Get Alert with Microsoft Defender for Endpoints and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop