We are currently integrating Microsoft Security Insights into our application to strengthen security monitoring capabilities. For the alerts list report, we found this API: https://learn.microsoft.com/en-us/rest/api/securityinsights/incidents/list-alerts?view=rest-securityinsights-2024-03-01&tabs=HTTP
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts?api-version=2024-03-01
Our focus is to expand this functionality to include detailed reports on users and applications vulnerable to security risks. Could someone help us with any available APIs or methods within Microsoft Security Insights, or any other service, that can generate such reports?
PFB:
You can make use of the Microsoft Graph Beta API to retrieve information on users and applications vulnerable to risk. Note that you need to have a "Microsoft Entra ID P2" license to use the riskyUsers API.
I have the below list of users vulnerable to risk in my Microsoft Entra ID tenant:
To get this risky users information, I ran the below API requests in Graph Explorer by signing in with a user having the "Global Reader" role:
GET https://graph.microsoft.com/beta/identityProtection/riskyUsers?$filter=riskLevel eq microsoft.graph.riskLevel'medium'
Response:
Similarly, I have the below application vulnerable to risk, which can be found in the "Risky workload identities" tab:
To get information regarding risky applications, make use of the below API call:
GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals
Response:
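The two Graph calls above combined into one report, as an added Python example that is not part of the original answer: it encodes the `$filter`, follows `@odata.nextLink` paging, and merges users and service principals with the highest risk first. It assumes a token granted IdentityRiskyUser.Read.All and IdentityRiskyServicePrincipal.Read.All; the helper names and the sample pages are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/beta/identityProtection"
RANK = {"high": 3, "medium": 2, "low": 1}  # any other riskLevel sorts last

def risky_users_url(level=None):
    """riskyUsers URL; the $filter value is percent-encoded (spaces -> %20)."""
    if not level:
        return f"{GRAPH}/riskyUsers"
    flt = f"riskLevel eq microsoft.graph.riskLevel'{level}'"
    return f"{GRAPH}/riskyUsers?" + urlencode({"$filter": flt}, quote_via=quote, safe="$'")

def graph_get(token):
    """Return a url -> dict fetcher that sends the bearer token (needs network)."""
    def get_json(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get_json

def fetch_all(url, get_json):
    """Collect every page of a Graph collection by following @odata.nextLink."""
    items = []
    while url:
        page = get_json(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def pick(obj):
    return {k: obj.get(k) for k in ("id", "riskLevel", "riskState", "riskLastUpdatedDateTime")}

def build_report(get_json, level=None):
    """Merge risky users and risky service principals, highest risk first."""
    rows = [{"kind": "user", "name": u.get("userPrincipalName"), **pick(u)}
            for u in fetch_all(risky_users_url(level), get_json)]
    rows += [{"kind": "servicePrincipal", "name": s.get("displayName"), **pick(s)}
             for s in fetch_all(f"{GRAPH}/riskyServicePrincipals", get_json)]
    return sorted(rows, key=lambda r: -RANK.get(r["riskLevel"], 0))

# Constructed sample pages (not real tenant data) so the example runs offline.
_U = risky_users_url("medium")
_NEXT = _U + "&$skiptoken=CONSTRUCTED"
SAMPLE = {
    _U: {"value": [{"id": "u1", "userPrincipalName": "alice@contoso.example",
                    "riskLevel": "medium", "riskState": "atRisk"}], "@odata.nextLink": _NEXT},
    _NEXT: {"value": [{"id": "u2", "userPrincipalName": "bob@contoso.example",
                       "riskLevel": "medium", "riskState": "atRisk"}]},
    f"{GRAPH}/riskyServicePrincipals": {"value": [{"id": "s1", "displayName": "build-agent",
                                                   "riskLevel": "high", "riskState": "atRisk"}]},
}
```

Offline, `build_report(SAMPLE.__getitem__, "medium")` runs against the constructed pages; against a tenant, pass `graph_get(token)` instead.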