Microsoft Purview is a comprehensive data governance solution that helps organizations manage their data and ensure compliance with various regulatory requirements.
One of the critical aspects of data governance is monitoring and responding to incidents related to data breaches, sensitive data exposure, and policy violations.
Microsoft Purview provides robust capabilities to handle these incidents, and the Microsoft Graph API enables seamless integration and automation of incident management.
We wanted to fetch the incidents logged here by using the Graph API:
This assumes you already have an app registered in Azure AD for the Microsoft Graph SDK module.
If you have not done that yet, finish that step before moving forward.
Now that you are set up with the Microsoft Graph SDK, grant the app the following permission:
SecurityIncident.Read.All

Do not forget to grant admin consent.
Now connect with the Microsoft Graph PowerShell SDK:
Connect-MgGraph -ClientId $MgGClientID -CertificateThumbprint $ThumbPrint -TenantId $TenantName
First, create a filter on the start and end dates:
$startDate = "2024-07-08"
$endDate = "2024-07-10" # Adjust this as needed
$filterQuery = "createdDateTime ge $startDate and createdDateTime le $endDate"
Now you can collect all the incidents into a collection using the code below. The loop follows @odata.nextLink until the last page has been read.
$allIncidents = @()
# The backtick keeps `$filter literal so PowerShell does not expand it as a variable
$uri = "https://graph.microsoft.com/beta/security/incidents?`$filter=$filterQuery"
$count = 0
do {
    # Make the request
    $response = Invoke-MgGraphRequest -Method Get -Uri $uri
    # Add the current batch of incidents to the allIncidents array
    $allIncidents += $response.value
    # Check if there's a nextLink to follow
    if ($response.'@odata.nextLink') { $uri = $response.'@odata.nextLink' } else { $uri = $null }
    # Count the pages fetched and print the running total
    $count++
    $count
} while ($null -ne $uri)
Here are the results:

You can follow this procedure and enhance the script as required.
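One possible enhancement, as an added example that is not part of the original script: Invoke-MgGraphRequest returns hashtables by default, so the items in $allIncidents need flattening into objects before Group-Object, Sort-Object or Export-Csv work on named properties. The helper name ConvertTo-IncidentRow, the sample incidents and the output file name are assumptions made for illustration.

```powershell
# Constructed sample data shaped like the hashtables in $response.value;
# the ids, names, dates and address are made up for illustration.
$sampleIncidents = @(
    @{ id = '1001'; displayName = 'Constructed: DLP policy match on SharePoint'; severity = 'high'
       status = 'active'; createdDateTime = '2024-07-08T09:15:00Z'; assignedTo = $null }
    @{ id = '1002'; displayName = 'Constructed: sensitive file shared externally'; severity = 'medium'
       status = 'resolved'; createdDateTime = '2024-07-09T14:02:00Z'; assignedTo = 'analyst@contoso.example' }
    @{ id = '1003'; displayName = 'Constructed: bulk download of labeled files'; severity = 'high'
       status = 'active'; createdDateTime = '2024-07-09T22:40:00Z'; assignedTo = $null }
)

function ConvertTo-IncidentRow {
    # Hypothetical helper: turns one incident hashtable into a flat object.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Collections.IDictionary] $Incident
    )
    process {
        [pscustomobject]@{
            Id         = $Incident['id']
            Name       = $Incident['displayName']
            Severity   = $Incident['severity']
            Status     = $Incident['status']
            # The cast accepts an ISO 8601 string as well as an already-parsed DateTime
            CreatedUtc = ([datetimeoffset] $Incident['createdDateTime']).UtcDateTime
            AssignedTo = if ($Incident['assignedTo']) { $Incident['assignedTo'] } else { 'unassigned' }
        }
    }
}

# With live data, replace $sampleIncidents with $allIncidents from the loop above.
$rows = $sampleIncidents | ConvertTo-IncidentRow

# Incident count per severity
$rows | Group-Object Severity | Select-Object Name, Count | Format-Table

# Incidents that are still active and have no owner, oldest first
$rows | Where-Object { $_.Status -eq 'active' -and $_.AssignedTo -eq 'unassigned' } |
    Sort-Object CreatedUtc | Format-Table Id, Severity, CreatedUtc, Name

# Keep a copy for the case record (file name is an assumption)
$rows | Export-Csv -Path (Join-Path $PWD 'purview-incidents.csv') -NoTypeInformation
```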
Thanks for reading …
Tech Wizard