Get machine related alerts API

Applies to: Microsoft Defender for Endpoint

Note

If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

Tip

For better performance, you can use a server closer to your geo location:

  • api-us.securitycenter.microsoft.com
  • api-eu.securitycenter.microsoft.com
  • api-uk.securitycenter.microsoft.com

API description

Retrieves all Alerts related to a specific device.

Limitations

  1. You can query on devices last updated according to your configured retention period.
  2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.

| Permission type | Permission | Permission display name |
|---|---|---|
| Application | Alert.Read.All | 'Read all alerts' |
| Application | Alert.ReadWrite.All | 'Read and write all alerts' |
| Delegated (work or school account) | Alert.Read | 'Read alerts' |
| Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' |

Note

When obtaining a token using user credentials:

  • The user needs to have at least the following role permission: 'View Data' (see Create and manage roles for more information).
  • The user needs to have access to the device, based on device group settings (see Create and manage device groups for more information).

HTTP request

GET /api/machines/{id}/alerts

Request headers

| Name | Type | Description |
|---|---|---|
| Authorization | String | Bearer {token}. Required. |

Request body

Empty

Response

If successful and the device exists: 200 OK with a list of alert entities in the body. If the device was not found: 404 Not Found.
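The request, headers, responses and rate limits described above, put together as an added example (not Microsoft's sample code). `CallBudget` and `get_machine_alerts` are hypothetical names, the token is supplied by the caller, and the `value` wrapper around the returned list is an assumption about the response body.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request
from collections import deque

BASE_URL = "https://api-us.securitycenter.microsoft.com"  # regional host from this page
LIMITS = ((100, 60.0), (1500, 3600.0))  # documented: 100 calls/minute, 1500 calls/hour


class CallBudget:
    """Client-side sliding-window limiter enforcing both documented rate limits."""
    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits, self.clock, self.calls = limits, clock, deque()

    def wait_time(self):
        """Seconds until the next call is allowed (0.0 when allowed now)."""
        now = self.clock()
        while self.calls and now - self.calls[0] >= max(w for _, w in self.limits):
            self.calls.popleft()  # older than every window, no longer relevant
        delay = 0.0
        for max_calls, window in self.limits:
            recent = [t for t in self.calls if now - t < window]
            if len(recent) >= max_calls:  # a slot opens once this call ages out
                delay = max(delay, recent[len(recent) - max_calls] + window - now)
        return delay

    def record(self):
        self.calls.append(self.clock())


def get_machine_alerts(machine_id, token, budget, opener=urllib.request.urlopen, sleep=time.sleep):
    """Return the device's alerts as a list, or None when the API answers 404."""
    if (delay := budget.wait_time()) > 0:
        sleep(delay)
    # Percent-encode the id so a value containing "/" or ".." cannot change the path.
    path = f"/api/machines/{urllib.parse.quote(machine_id, safe='')}/alerts"
    req = urllib.request.Request(BASE_URL + path, headers={"Authorization": f"Bearer {token}"})
    budget.record()
    try:
        with opener(req) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # device not found
            return None
        raise
    # Assumption: the list may arrive wrapped in a "value" property; a bare list is also accepted.
    return body["value"] if isinstance(body, dict) else body
```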