question

0 Votes
03475440 asked bgervin edited

How can I read an M365 security alert's activity list?

Hi Team,

We have configured an M365 security alert policy that triggers an email when a user is added as a site's site collection admin. We are trying to read through the alerts and get information such as which site and which user has been added. Neither the email nor the alert details have that information. Is there a way, a service, or an API endpoint where we can get the alert's activity list with all the required details that are present in the flyout?

We explored the Graph API Security Alert endpoint (https://graph.microsoft.com/v1.0/security/alerts), but it does not return the activity list either.

Appreciate your help here.

azure-security-center microsoft-graph-security

1 Answer

0 Votes
Givary-MSFT answered

@03475440

Thank you for reaching out to us.

If I understand correctly, you are trying to extract more information from alerts.

Did you explore the MCAS portal to see if it helps in getting more information related to alerts?

Also, you can leverage the Logic App option/Azure Sentinel playbook to trigger an email with more details related to the alert.

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

https://samilamppu.com/2020/05/13/how-to-manage-security-alerts-in-microsoft-365/

Let me know if you have any questions.
