Ingest sample Microsoft Graph Security API alerts

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Ingest sample alerts from your Microsoft Azure tenant.

    Before you begin

    Role required: sn_si.admin

    Procedure

    1. You can either pull the 5 most recent sample alerts or provide the unique alert IDs for the specific alerts that you want to use for your mapping experience.
      From the Ingestion Preference choice list, select one of the following:
      • Retrieve most recent alerts: The 5 most recent alerts are retrieved.
      • Select alerts based on alerts ID: Specify the alert ID for the alerts to be retrieved. You can specify a maximum of 5 alert IDs separated by commas.
    2. Click Fetch Sample Data to pull the latest sample alert data from the Microsoft Azure tenant.
      The pull for sample alerts may take a few moments.

      The sample alert field values are populated on the left side of the form when sample alerts are ingested by the profile. These are the alerts that you map to the SIR security incident fields. The alert fields and their values are displayed as individual tabs.


      Microsoft Graph Security API: ingest alerts

    Next steps

    After you have fetched the sample data, the next step is to map the alert fields to the security incident.