API get alerts in MS Defender via Powershell script

Question

I am trying to get alerts from MS Defender API via. Powershell script. However no output is coming through. I have made an app with read rights alert.read. I have tried the first step and I get a token. (I have tried to putt Uri both variable and hardcoded:

   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $tenantId = 'xxxx-xxxx-xxxx-xxxx' ###  tenant ID 
    $appId = 'xxxxx-xxxx-xxxx-xxxx' ###  Application ID
    $appSecret = 'xxxx-xxxx-xxxx-xxxx' ### Application key 
    
    $resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
    $oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    $authBody = [Ordered] @{
        resource = "$resourceAppIdUri"
        client_id = "$appId"
        client_secret = "$appSecret"
        grant_type = 'client_credentials'
    }
    $authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
    $token = $authResponse.access_token
    $token
    
    #Get latest alert top 10 pasted into alertUrl
    $alertUrl = "https://api-eu.securitycenter.windows.com/api/alerts"
    $headers = @{ 
        Content-Type = 'application/json'
        Accept = 'application/json'
        Authorization = "Bearer $token"
    }
    $alertResponse = Invoke-WebRequest -Method GET -Uri "https://api-eu.securitycenter.windows.com/api/vulnerabilities?$top=10" -Headers $headers -ErrorAction Stop
    $alerts =  ($alertResponse | ConvertFrom-Json).value

I also have this problem, everything looks okay and loads of alerts within the 48 hour timeframe within the portal. Can anyone assist? — Royston, Jun 14 '23 at 12:06

API get alerts in MS Defender via Powershell script

0 Answers0