List Microsoft Defender for Endpoint alerts.
The following permissions are required to run this action:
Alert.Read.All
Alert.ReadWrite.All
External Documentation
To learn more, visit the Microsoft Defender for Endpoint documentation.
Parameter | Description |
---|---|
Filter | The OData filter to apply to the operation. You can filter by alertCreationTime, lastUpdateTime, incidentId, investigationId, id, assignedTo, detectionSource, lastEventTime, status, severity and category. For more information: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-worldwide |
Limit | The maximum number of results to return. Max value is 10,000. |
Offset | The offset of the item at which to begin the response. |
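The following is an added example, not part of the original page or the product's own code. It builds a Filter expression from the fields listed above, escaping string values, and pages through results with Limit and Offset. `run_action` is a hypothetical callable standing in for this action and is assumed to return a list of alerts.

```python
from datetime import datetime, timezone

# Fields the Filter parameter accepts, per the parameter table above.
FILTERABLE = {
    "alertCreationTime", "lastUpdateTime", "incidentId", "investigationId",
    "id", "assignedTo", "detectionSource", "lastEventTime", "status",
    "severity", "category",
}
OPERATORS = {"eq", "ne", "gt", "ge", "lt", "le"}  # OData comparison operators
MAX_LIMIT = 10_000  # documented maximum for Limit


def odata_literal(value):
    """Render a Python value as an OData literal."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("datetime must be timezone-aware")
        return value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # A single quote inside an OData string is escaped by doubling it.
    return "'" + str(value).replace("'", "''") + "'"


def build_filter(conditions):
    """Join (field, operator, value) triples with 'and'."""
    parts = []
    for field, op, value in conditions:
        if field not in FILTERABLE:
            raise ValueError(f"field not filterable: {field}")
        if op not in OPERATORS:
            raise ValueError(f"unsupported operator: {op}")
        parts.append(f"{field} {op} {odata_literal(value)}")
    return " and ".join(parts)


def fetch_all(run_action, flt, limit=MAX_LIMIT):
    """Collect every matching alert by advancing Offset one page at a time."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"Limit must be between 1 and {MAX_LIMIT}")
    results, offset = [], 0
    while True:
        page = run_action(Filter=flt, Limit=limit, Offset=offset)
        results.extend(page)
        if len(page) < limit:  # a short page means there are no more results
            return results
        offset += limit
```

Rejecting unknown field names and escaping quotes before the string reaches the Filter parameter keeps user-supplied values, such as an analyst name for assignedTo, from altering the query.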
List Alerts with Microsoft Defender for Endpoints and Send Results Via Email