I have Azure Storage with Windows Defender. When a file/component is uploaded with malware, we have alerts in the Azure Security Center. I use the Azure REST API to read and process that malware automatically. We have a custom workflow to process them. At the end of the processing, we want to remove the alert so that in the future we do not get them.
I use List By Resource Group to list out the alerts. I am using the Update Resource Group Level Alert State To Dismiss to change the state of the alert.
To call the API to update the status of the alert, I am forming the POST URL as follows. I took the highlighted part from the List REST call as shown in the picture.
Then I add the following before and after that.
https://management.azure.com<the id value from the above>/dismiss?api-version=2020-01-01
I then make a POST request to that URL using a .NET Core 3.1 application (using HttpClient.PostAsync from the System.Net.Http namespace). What I am receiving is a 400 HTTP status code with "UnsupportedResourceOperation" in the body as an error code. The full response body is shown below:
The error message seems misleading. I found this answer, "Dismiss Security Center Alert using Graph API", suggesting the same approach that I am following. I am not sure what I am doing wrong. My AD tenant app has a subscription contributor role.
Any help will be appreciated.