VBScript / Microsoft Graph / Get alerts filtered by destination
Back to Collection Items
Dim fso, outFile
Set fso = CreateObject("Scripting.FileSystemObject")
'Create a Unicode (utf-16) output text file.
Set outFile = fso.CreateTextFile("output.txt", True, True)
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http")
set http = CreateObject("Chilkat.Http")
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set queryParams = CreateObject("Chilkat.JsonObject")
success = queryParams.UpdateString("$filter","networkConnections/any(d:d/destinationAddress eq '{destination-address}')")
' Adds the "Authorization: Bearer <access_token>" header.
http.AuthToken = "<access_token>"
' resp is a Chilkat.HttpResponse
Set resp = http.QuickRequestParams("GET","https://graph.microsoft.com/v1.0/security/alerts",queryParams)
If (http.LastMethodSuccess = 0) Then
outFile.WriteLine(http.LastErrorText)
WScript.Quit
End If
outFile.WriteLine(resp.StatusCode)
outFile.WriteLine(resp.BodyStr)
outFile.Close
Curl Command
curl -G -d "$filter=networkConnections%2Fany%28d%3Ad%2FdestinationAddress%20eq%20%27%7Bdestination-address%7D%27%29"
-H "Authorization: Bearer <access_token>"
https://graph.microsoft.com/v1.0/security/alerts
Postman Collection Item JSON
{
"name": "Get alerts filtered by destination",
"event": [
{
"listen": "test",
"script": {
"exec": [
"try {\r",
" if (responseBody.indexOf(\"InvalidAuthenticationToken\") !== -1)\r",
" {\r",
" console.log(\"You need to run *On behalf of a User | Get User Access Token* request first.\");\r",
" }\r",
" else\r",
" {\r",
" if (pm.response.status === \"Forbidden\")\r",
" {\r",
" console.log(\"You need to add user delegated permissions in your application to at least *SecurityEvents.Read.All, SecurityEvents.ReadWrite.All* in portal.azure.com and then consent as user or Grant admin consent in portal. And re-run *On behalf of a User | Get User Access Token* request to update access token. \");\r",
" }\r",
" }\r",
"}\r",
"catch (e) {\r",
" console.log(e);\r",
"}\r",
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [
],
"url": {
"raw": "https://graph.microsoft.com/v1.0/security/alerts?$filter=networkConnections/any(d:d/destinationAddress eq '{destination-address}')",
"protocol": "https",
"host": [
"graph",
"microsoft",
"com"
],
"path": [
"v1.0",
"security",
"alerts"
],
"query": [
{
"key": "$filter",
"value": "networkConnections/any(d:d/destinationAddress eq '{destination-address}')"
}
]
}
},
"response": [
]
}
