Update the properties of an alert object in an organization based on the specified alert id property. Supply only the values for properties that should be updated.
Least privileged Microsoft Graph permission to access the action via application: SecurityAlert.ReadWrite.All*.
{ "@odata.context": "<string>", "id": "da637551227677560813_-961444813", "providerAlertId": "da637551227677560813_-961444813", "incidentId": "28282", "status": "inProgress", "severity": "low", "classification": "truePositive", "determination": "malware", "serviceSource": "microsoftDefenderForEndpoint", "detectionSource": "antivirus", "productName": "<string>", "detectorId": "e0da400f-affd-43ef-b1d5-afc2eb6f2756", "tenantId": "b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c", "title": "Suspicious execution of hidden file", "description": "A hidden file has been launched. This activity could indicate a compromised host. Attackers often hide files associated with malicious tools to evade file system inspection and defenses.", "recommendedActions": "Collect artifacts and determine scope\n\tReview the machine timeline for suspicious activities that may have occurred before and after the time of the alert, and record additional related artifacts (files, IPs/URLs)... \n", "category": "DefenseEvasion", "assignedTo": "secAdmin@contoso.com", "alertWebUrl": "https://security.microsoft.com/alerts/da637551227677560813_-961444813?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c", "incidentWebUrl": "https://security.microsoft.com/incidents/28282?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c", "actorDisplayName": null, "threatDisplayName": null, "threatFamilyName": null, "mitreTechniques": [ "T1564.001" ], "createdDateTime": "2021-04-27T12:19:27.7211305Z", "lastUpdateDateTime": "2021-05-02T14:19:01.3266667Z", "resolvedDateTime": null, "firstActivityDateTime": "2021-04-26T07:45:50.116Z", "lastActivityDateTime": "2021-05-02T07:56:58.222Z", "systemTags": [], "alertPolicyId": null, "comments": [], "evidence": [], "additionalData": { "InvestigationState": 851 }}