Azure身份保护-风险检测API-按日期筛选

问题描述 投票:0回答:1

我正在尝试按日期筛选从Azure身份保护检索到的RiskDetection数据,到目前为止没有成功。

对于下面的按activityDateTime过滤的下面的示例数据(或示例数据中的任何日期字段)不显示任何结果:

https://graph.microsoft.com/beta/riskDetections$ filter = activityDateTime gt'2019-12-25'和activityDateTime lt'2019-12-27'

来自https://docs.microsoft.com/en-us/graph/query-parameters

注意:Azure AD不支持以下$ filter运算符资源:ne,gt,ge,lt,le和not。包含字符串运算符当前在任何Microsoft Graph资源上不支持。

是否可以按日期过滤RiskDetections?将不胜感激。

下面带有riskType和riskLevel的过滤器显示数据:

risk_detections_api_url =“ https://graph.microsoft.com/beta/riskDetections?$ filter = riskType eq'anonymizedIPAddress'或riskLevel eq'medium'”]

下面带有userPrincipalName的过滤器显示数据:

risk_detections_api_url =“ https://graph.microsoft.com/beta/riskDetections?$ filter = userPrincipalName eq'[email protected]'”

下面带有ipAddress的过滤器显示数据:

risk_detections_api_url =“ https://graph.microsoft.com/beta/riskDetections?$ filter = ipAddress eq'195.228.45.176'”]

样本数据

{
        "id": "8901d1fee9bqwqweqwe683a221af3d2ae691736f2e369e0dd530625398",
        "requestId": "cc755f41-0313-4cb2-96ce-3a6283fef200",
        "correlationId": "c422083d-0e32-4afb-af4e-6ca46e4235b4",
        "riskType": "anonymizedIPAddress",
        "riskState": "atRisk",
        "riskLevel": "medium",
        "riskDetail": "none",
        "source": "IdentityProtection",
        "detectionTimingType": "realtime",
        "activity": "signin",
        "tokenIssuerType": "AzureAD",
        "ipAddress": "195.228.45.176",
        "activityDateTime": "2019-12-26T17:40:02.1402381Z",
        "detectedDateTime": "2019-12-26T17:40:02.1402381Z",
        "lastUpdatedDateTime": "2019-12-26T17:43:21.8931807Z",
        "userId": "e3835755-80b0-4b61-a1c0-5ea9ead75300",
        "userDisplayName": "John Doe",
        "userPrincipalName": "[email protected]",
        "additionalInfo": "[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0\"}]",
        "location": {
            "city": "Budapest",
            "state": "Budapest",
            "countryOrRegion": "HU",
            "geoCoordinates": {
                "latitude": 47.45996,
                "longitude": 19.14968
            }
        }
}
azure azure-active-directory azure-ad-graph-api identityprotection
1个回答
0
投票

基于PropertiesactivityDateTimedatetimeoffset类型。

因此您应该使用GET https://graph.microsoft.com/beta/riskDetections?$filter=activityDateTime gt 2019-12-25而不是GET https://graph.microsoft.com/beta/riskDetections?$filter=activityDateTime gt '2019-12-25'

此处是类似的API文档:List directoryAudits

但是当我测试它时,它给出了500错误:

{
    "error": {
        "code": "Internal Server Error",
        "message": "There was an internal server error while processing the request. Error ID: d52436f6-073b-4fc8-b3bc-c6a6336d6886",
        "innerError": {
            "request-id": "d52436f6-073b-4fc8-b3bc-c6a6336d6886",
            "date": "2020-02-05T04:10:45"
        }
    }
}

我相信此API的beta版本仍在更改中。您可以使用您的请求ID与Microsoft支持联系,以进行进一步调查。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.