SQL Server / Microsoft Graph / Get alerts filtered by category
Back to Collection Items
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @http int
EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Http', @http OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
DECLARE @success int
DECLARE @queryParams int
EXEC @hr = sp_OACreate 'Chilkat_9_5_0.JsonObject', @queryParams OUT
EXEC sp_OAMethod @queryParams, 'UpdateString', @success OUT, '$filter', 'Category eq ''ransomware'''
EXEC sp_OAMethod @queryParams, 'UpdateInt', @success OUT, '$top', 5
-- Adds the "Authorization: Bearer <access_token>" header.
EXEC sp_OASetProperty @http, 'AuthToken', '<access_token>'
DECLARE @resp int
EXEC sp_OAMethod @http, 'QuickRequestParams', @resp OUT, 'GET', 'https://graph.microsoft.com/v1.0/security/alerts', @queryParams
EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @queryParams
RETURN
END
EXEC sp_OAGetProperty @resp, 'StatusCode', @iTmp0 OUT
PRINT @iTmp0
EXEC sp_OAGetProperty @resp, 'BodyStr', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @resp
EXEC @hr = sp_OADestroy @http
EXEC @hr = sp_OADestroy @queryParams
END
GO
Curl Command
curl -G -d "$filter=Category%20eq%20%27ransomware%27"
-d "$top=5"
-H "Authorization: Bearer <access_token>"
https://graph.microsoft.com/v1.0/security/alerts
Postman Collection Item JSON
{
"name": "Get alerts filtered by category",
"event": [
{
"listen": "test",
"script": {
"exec": [
"try {\r",
" if (responseBody.indexOf(\"InvalidAuthenticationToken\") !== -1)\r",
" {\r",
" console.log(\"You need to run *On behalf of a User | Get User Access Token* request first.\");\r",
" }\r",
" else\r",
" {\r",
" if (pm.response.status === \"Forbidden\")\r",
" {\r",
" console.log(\"You need to add user delegated permissions in your application to at least *SecurityEvents.Read.All, SecurityEvents.ReadWrite.All* in portal.azure.com and then consent as user or Grant admin consent in portal. And re-run *On behalf of a User | Get User Access Token* request to update access token. \");\r",
" }\r",
" }\r",
"}\r",
"catch (e) {\r",
" console.log(e);\r",
"}\r",
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
],
"url": {
"raw": "https://graph.microsoft.com/v1.0/security/alerts?$filter=Category eq 'ransomware'&$top=5",
"protocol": "https",
"host": [
"graph",
"microsoft",
"com"
],
"path": [
"v1.0",
"security",
"alerts"
],
"query": [
{
"key": "$filter",
"value": "Category eq 'ransomware'"
},
{
"key": "$top",
"value": "5"
}
]
}
},
"response": [
]
}
