Skip to content

Latest commit

 

History

History
96 lines (67 loc) · 2.65 KB

api-get-incident.md

File metadata and controls

96 lines (67 loc) · 2.65 KB
Raw
title description ms.service ms.author author ms.localizationpriority manager audience ms.collection ms.topic ms.custom search.appverid ms.date
Get incident API
Learn how to use the Get incidents API to get a single incident in Microsoft Defender XDR.
defender-xdr
macapara
mjcaparas
medium
dansimp
ITPro
m365-security
tier3
must-keep
reference
api
met150
02/08/2024

Get incident information API

[!INCLUDE Microsoft Defender XDR rebranding]

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

[!includeMicrosoft Defender for Endpoint API URIs for US Government]

[!includeImprove request performance]

Note

Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.

API description

Retrieves a specific incident by its ID

Limitations

  1. Rate limitations for this API are 100 calls per minute and 1,500 calls per hour.

Permissions

One of the following permissions is required to call this API.

Permission type Permission Permission display name
Application Incident.Read.All Read all Incidents
Application Incident.ReadWrite.All Read and write all Incidents
Delegated (work or school account) Incident.Read Read Incidents
Delegated (work or school account) Incident.ReadWrite Read and write Incidents

Note

When obtaining a token using user credentials:

  • The user needs to have at least the following role permission: View Data
  • The response will only include incidents that the user is exposed to

HTTP request

GET .../api/incidents/{id}

Request headers

Name Type Description
Authorization String Bearer {token}. Required.

Request body

Empty

Response

If successful, this method returns 200 OK, and the incident entity in the response body. If incident with the specified ID wasn't found - 404 Not Found.

Example

Request

Here's an example of the request.

GET https://api.security.microsoft.com/api/incidents/{id}

Related articles

Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn

[!INCLUDE Microsoft Defender XDR rebranding]