Get a list of alert resources created to track suspicious activities in an organization.
This operation lets you filter and sort through alerts to create an informed cyber security response. It exposes a collection of alerts that were flagged in your network, within the time range you specified in your environment retention policy. The most recent alerts are displayed at the top of the list.
SecurityAlert.Read.All
SecurityAlert.ReadWrite.All
External Documentation
To learn more, visit the Microsoft Entra ID documentation.
Parameter | Description |
---|---|
Filter | Insert a query to filter the retrieved alert records. Examples: filter by severity: severity eq 'high'; time-based filtering: createdDateTime gt 2024-02-01T00:00:00Z. The supported properties are: assignedTo, classification, determination, createdDateTime, lastUpdateDateTime, severity, serviceSource, status. For more information about the Filter parameter, visit the Microsoft documentation. |
Include Count | When checked, get the total count of all matching alerts in the response. |
Return All Pages | Automatically fetch all resources, page by page. |
Parameter | Description |
---|---|
Limit | Specify the maximum number of alerts to return in a single response. Note: The maximum value for the Limit parameter is 1000. |
Offset | Skip a specified number of alerts at the beginning of the result set. Note: The maximum value for the Offset parameter is 500. |
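
As an added illustration (not part of the original page or the vendor's code), the sketch below builds the request these parameters describe, assuming the action wraps Microsoft Graph's `alerts_v2` endpoint and maps Limit, Offset and Include Count to `$top`, `$skip` and `$count`. It rejects filter properties outside the supported list and values beyond the stated Limit and Offset maxima; `clause` and `build_url` are hypothetical helper names.

```python
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

# Assumption: the action calls Microsoft Graph alerts_v2 and maps
# Limit/Offset/Include Count to $top/$skip/$count.
ENDPOINT = "https://graph.microsoft.com/v1.0/security/alerts_v2"
SUPPORTED = {"assignedTo", "classification", "determination", "createdDateTime",
             "lastUpdateDateTime", "severity", "serviceSource", "status"}
OPERATORS = {"eq", "ne", "gt", "ge", "lt", "le"}  # OData comparison operators
MAX_LIMIT, MAX_OFFSET = 1000, 500  # maxima stated in the parameter table


def clause(prop, op, value):
    """Render one OData comparison, rejecting properties the page does not list."""
    if prop not in SUPPORTED:
        raise ValueError(f"unsupported filter property: {prop}")
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op}")
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("datetime must be timezone-aware")
        # Date-time literals are unquoted UTC timestamps.
        literal = value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    else:
        # String literals are single-quoted; an embedded quote is doubled.
        literal = "'" + str(value).replace("'", "''") + "'"
    return f"{prop} {op} {literal}"


def build_url(clauses, limit=100, offset=0, include_count=False):
    """Build the list-alerts URL from (property, operator, value) tuples."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError(f"offset must be between 0 and {MAX_OFFSET}")
    params = {}
    if clauses:
        params["$filter"] = " and ".join(clause(*c) for c in clauses)
    params["$top"] = limit
    if offset:
        params["$skip"] = offset
    if include_count:
        params["$count"] = "true"
    # Percent-encode spaces and colons; keep "$" and "'" readable.
    return ENDPOINT + "?" + urlencode(params, quote_via=quote, safe="$'")
```
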
List Alerts with Microsoft Entra Id and Send Results Via Email