Get Security Alerts (GET Collection)
Published: July 13, 2016
Updated: July 12, 2016
Retrieves all alerts for the subscription. Alerts that originate from a specific VM (such as antimalware) will have an ID under the same RG as the VM; Alerts which are not related to a resource in the subscription, but are relevant in the entire subscription scope (such as Compromised Account Alert) will have an ID directly under the subscription score (no RG).
Method | Request Uri |
|---|---|
GET | https://<endpoint>/subscriptions/{subscriptionId}/providers/microsoft.Security/alerts?api-version={api-version} |
Parameter | Description |
|---|---|
subscriptionId | The subscription id |
Api-version | The version of the Security RP protocol used for this request |
Common request headers only.
None.
If successful, the operation returns HTTP status code of 200 (OK).
{
"value": [
{
"id": "/subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Security/alerts/{id}",
"name": "{id}",
"type": "Microsoft.Security/alerts",
"properties": {
"state": "Active",
"reportedTimeUtc": "2015-08-25T04:17:00Z",
"providerName": "Alert Provider Name",
"vendorName": "Vendor name",
"alertName": "Alert Name",
"detectedTimeUtc": "2015-08-23T00:00:00Z",
"description": "Alert description",
"remediationSteps": "…",
"actionTaken": "Detected",
"reportedSeverity": "Low",
"compromisedEntity": "…",
"associatedResource": "{associated resource id}",
"extendedProperties": {
}
}
},
{
"id": "/subscriptions/{id}/providers/Microsoft.Security/alerts/{id}",
"name": "{id}",
"type": "Microsoft.Security/alerts",
"properties": {
"state": "Active",
"reportedTimeUtc": "2015-08-25T04:17:00Z",
"providerName": "Alert Provider Name",
"vendorName": "Vendor name",
"alertDisplayName": "Display Name",
"alertName": "Alert Name",
"detectedTimeUtc": "2015-08-23T00:00:00Z",
"description": "Alert description",
"remediationSteps": "…",
"actionTaken": "Detected",
"reportedSeverity": "Low",
"compromisedEntity": "…",
"associatedResource": "{associated resource id}",
"extendedProperties": {
}
}
}
]}