GET /security/incidents/{incident-id}
Retrieve the properties and relationships of an incident object. Attacks are typically inflicted on different types of entities, such as devices, users, and mailboxes, resulting in multiple alert objects. Microsoft 365 Defender correlates alerts with the same attack techniques or the same attacker into an incident.
Servers
- https://graph.microsoft.com/v1.0
Path parameters
Name | Type | Required | Description |
---|---|---|---|
incident-id | String | Yes | The unique identifier of the incident |
Query parameters
Name | Type | Required | Description |
---|---|---|---|
$select[] | Array | No | Select properties to be returned |
$expand[] | Array | No | Expand related entities |
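The following added example (not part of the original reference) builds the request for this endpoint offline, encoding the incident-id so it cannot alter the path or query and validating the names passed to $select and $expand. The function name `build_incident_request`, the placeholder token, and the sample property names `displayName`, `severity` and `alerts` are assumptions not listed on this page; the array parameters are serialized as comma-separated OData values.

```python
import re
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.microsoft.com/v1.0"  # server listed on this page
# Property or relationship name, optionally a slash-separated path (assumed rule).
_ODATA_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(/[A-Za-z_][A-Za-z0-9_]*)*$")


def _odata_list(option, names):
    """Validate each name, then join them as one comma-separated OData value."""
    for name in names:
        if not _ODATA_NAME.match(name):
            raise ValueError(f"invalid name in {option}: {name!r}")
    return ",".join(names)


def build_incident_request(incident_id, access_token, select=(), expand=()):
    """Return (url, headers) for GET /security/incidents/{incident-id}."""
    if not incident_id or not incident_id.strip():
        raise ValueError("incident-id is required")
    # Percent-encode every reserved character so the id stays a single path
    # segment and cannot append extra segments or a query string.
    path = "/security/incidents/" + quote(incident_id, safe="")
    params = {}
    if select:
        params["$select"] = _odata_list("$select", select)
    if expand:
        params["$expand"] = _odata_list("$expand", expand)
    # Keep "$", "," and "/" literal in the query; everything else is encoded.
    query = urlencode(params, safe="$,/")
    url = GRAPH_BASE + path + ("?" + query if query else "")
    headers = {
        "Authorization": f"Bearer {access_token}",  # token obtained elsewhere
        "Accept": "application/json",
    }
    return url, headers


if __name__ == "__main__":
    # Constructed sample values: incident id, token and property names.
    url, _ = build_incident_request(
        "2972395", "<access-token>",
        select=["id", "displayName", "severity"], expand=["alerts"])
    print(url)
```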
How to start integrating
- Add an HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the HTTP request settings.
- Click Test request to test run your request to the API and see the API's response.