The API we are being asked to get data from is:
GET https://graph.microsoft.com/v1.0/security/alerts
I see it documented that these are supported:
Office365
- Audit_AzureActiveDirectory
- Audit Exchange
- Audit.SharePoint
- Audit_General (includes all other workloads not included in the previous content types)
- DLP All (DLP events only for all workloads)
Azure
- azureaudit: collects management logs
- azure_ad_signin: collects Active Directory sign-in logs
- azure_ad_audit: collects Active Directory audit logs
I do not seem to have visibility into what these are collecting, so I have no idea what they talk to, and I am being asked to provide a feasibility assessment of collecting from that API. I have spent days trying to tease out this answer and cannot. Would anyone be able to say if and where this API can be called?