This node provides access to security operations with the MS Graph API.
SecurityEvents.Read.All permission is required to perform the Get Alert operation.
The SecurityEvents.ReadWrite.All permission is required to perform the Update Alert operation.
The display name of the node within the flows.
System-wide unique ID of the plugin instance.
Configuration option determining the type of operation to perform:
- Get Alert: Retrieves the details of an alert using the supplied
- Update Alert: Updates fields of an alert specified by Alert ID. Any field specified with the value of Do Not Update will not be changed.
Successful results for an action are placed in
Unique identifier for the alert being retrieved or updated.
When updating an alert, the alert life cycle status (stage). Possible values are:
When updating an alert, the name of the analyst the alert is assigned to for triage, investigation, or remediation.
When updating an alert, the time at which the alert was closed.
When updating an alert, the analyst feedback on the alert. Possible values are:
When updating an alert, the analyst comments on the alert (for customer alert management). This action can update the comments field with the following values only: Closed in IPC or Closed in MCAS. This value will be converted to an array if it is not already an array.
When updating an alert, the user-definable labels that can be applied to an alert and can serve as filter conditions (for example, TAG1, TAG2). This value will be converted to an array if it is not already an array. For a string value, use a comma-separated list of tags.
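The Update Alert rules described above (skip fields set to Do Not Update, coerce comments and tags to arrays, accept only the two permitted comment values), sketched as an added example that is not the node's own code. The field keys (status, assignedTo, closedDateTime, feedback, comments, tags) and the function names are assumptions chosen to mirror the fields listed on this page.

```python
# Added example: normalises Update Alert inputs the way the page describes.
# Key names and helper names are assumptions, not taken from the node itself.
DO_NOT_UPDATE = "Do Not Update"
ALLOWED_COMMENTS = {"Closed in IPC", "Closed in MCAS"}


def as_list(value, split_commas=False):
    """Return value as a list of non-empty, trimmed strings."""
    if isinstance(value, (list, tuple)):
        items = list(value)
    elif split_commas:
        items = str(value).split(",")  # "TAG1, TAG2" -> ["TAG1", " TAG2"]
    else:
        items = [value]                # a single string becomes a 1-item array
    return [str(i).strip() for i in items if str(i).strip()]


def build_alert_update(fields):
    """Build the update body, leaving out every field that must not change."""
    body = {}
    for name, value in fields.items():
        if value is None or value == DO_NOT_UPDATE:
            continue  # field is left untouched on the alert
        if name == "comments":
            value = as_list(value)
            rejected = [c for c in value if c not in ALLOWED_COMMENTS]
            if rejected:
                raise ValueError(f"comments not permitted: {rejected}")
        elif name == "tags":
            value = as_list(value, split_commas=True)
        body[name] = value
    return body


if __name__ == "__main__":
    # Constructed sample input for illustration only.
    sample = {
        "status": DO_NOT_UPDATE,
        "assignedTo": "analyst@example.com",
        "closedDateTime": DO_NOT_UPDATE,
        "feedback": DO_NOT_UPDATE,
        "comments": "Closed in MCAS",
        "tags": "TAG1, TAG2",
    }
    print(build_alert_update(sample))
```

Rejecting an unexpected comment before the request is sent keeps a free-text note from being silently dropped or refused by the service.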