
I have already looked into some of the answers but didn't find the right solutions. Is there any way we can dismiss the alert in Azure Security Center using the Microsoft Graph API or by any other means? I don't want to suppress any rule. I simply want to dismiss the alert. I have looked into some of the Microsoft documentation but didn't find the way to achieve this.

Please let me know if anybody knows how to do that.

Thanks!

Shiva Keshav Varma
Anuj

2 Answers


Sure. As most Azure services do, there is an API for Security Center as well.

You are probably looking for the endpoint that sets the status of an alert to dismissed.

Peter Bons
  • How can I fetch the authorization token if I want to do that using Logic Apps? – Anuj Jul 21 '20 at 07:16
  • You should be able to request a token following [their docs](https://learn.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-oauth2-client-creds-grant-flow#request-an-access-token). They are just other HTTP requests in the logic app – Peter Bons Jul 24 '20 at 08:00

I had to do this while tuning our Adaptive Application Control rules. With a large number of subscriptions, there were thousands, and it didn't make sense to do manually, so I wrote the following script.

Calls to the List method only return a maximum of 100 results at a time. If there are more than 100, the results from Invoke-RestMethod will include a nextLink property, which will allow you to query again for the next page of results.

This script will allow you to dismiss Security Alerts in Microsoft Defender for Cloud based on the alertType across a subscription: https://gist.github.com/grimstoner/a14cc5dfdd1e25f7e1318face67f1c34

Marcel
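The paging and dismiss-by-alertType flow described in the answer above, as an added example (not the linked gist and not code from either answerer). The function names are hypothetical, `api-version=2022-01-01` and the `Active` status filter are assumptions, and `$AccessToken` is assumed to be an Azure Resource Manager bearer token obtained separately, for example with the client-credentials flow linked in the comments.

```powershell
# Added example: dismiss open Security Center / Defender for Cloud alerts of one alertType.
# Assumption: $AccessToken is an ARM bearer token whose identity may write security alerts.

function Get-AlertsToDismiss {
    param([object[]]$Alerts, [string]$AlertType)
    # Keep only alerts of the requested type that are still open.
    $Alerts | Where-Object {
        $_.properties.alertType -eq $AlertType -and $_.properties.status -eq 'Active'
    }
}

function Invoke-AlertDismissal {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)][string]$AlertType,
        [Parameter(Mandatory)][string]$AccessToken,
        [string]$ApiVersion = '2022-01-01'   # assumed API version
    )
    $base      = 'https://management.azure.com'
    $headers   = @{ Authorization = "Bearer $AccessToken" }
    $uri       = "$base/subscriptions/$SubscriptionId/providers/Microsoft.Security/alerts?api-version=$ApiVersion"
    $dismissed = 0

    while ($uri) {
        # Each List call returns one page (at most 100 alerts, per the answer above).
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        foreach ($alert in Get-AlertsToDismiss -Alerts $page.value -AlertType $AlertType) {
            # The alert's resource id already carries its location and name.
            $dismissUri = "$base$($alert.id)/dismiss?api-version=$ApiVersion"
            if ($PSCmdlet.ShouldProcess($alert.id, 'Dismiss alert')) {
                Invoke-RestMethod -Method Post -Uri $dismissUri -Headers $headers | Out-Null
                $dismissed++
            }
        }
        # nextLink is absent on the last page, which ends the loop.
        $uri = $page.nextLink
    }
    return $dismissed
}
```

Running `Invoke-AlertDismissal` with `-WhatIf` first lists the alert ids that would be dismissed without changing their status.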