
Hi!

 

I am using the Security Center API to retrieve incidents and alerts, and add them to our ITSM platform. During the parsing of the JSON response, I have to check if the incident retrieved is already registered and, if it is, whether it has also been updated since last time.

 

My issue is that I am unsure what to check for if the incident indeed has been updated. I don't want to check more than necessary. I am hoping that if it has been updated, this only means that a new alert has been attached, but I fear that any property of the incident might change.

 

I have not been able to find any resources that specify what might trigger the lastUpdateTime property, so I turn to you for help.

 

Info from MS about the API call: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide

 

Edit: I am checking the lastUpdateTime field, of course, to verify it has been updated. If it was not clear, I am wondering which other fields might change if it has been updated.
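One way to implement the check described in the post, as an added example that is not part of the original post and not Microsoft's code: compare `lastUpdateTime` first, and only when it is newer diff the stored snapshot against the fetched incident so any changed property or alert is reported. Apart from `lastUpdateTime`, the field names (`incidentId`, `status`, `assignedTo`, `alerts`, `alertId`) and the sample records are assumptions constructed for illustration, and the code makes no claim about which changes actually move `lastUpdateTime`.

```python
from datetime import datetime

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp with 0 to 7 fractional digits."""
    base, _, frac = value.rstrip("Z").partition(".")
    return datetime.strptime(f"{base}.{(frac + '000000')[:6]}", "%Y-%m-%dT%H:%M:%S.%f")

def diff_alerts(old, new):
    """Compare alert lists by alertId (assumed key): added, removed, modified."""
    o = {a["alertId"]: a for a in old.get("alerts", [])}
    n = {a["alertId"]: a for a in new.get("alerts", [])}
    return {
        "added": sorted(n.keys() - o.keys()),
        "removed": sorted(o.keys() - n.keys()),
        "modified": sorted(k for k in o.keys() & n.keys() if o[k] != n[k]),
    }

def changed_fields(old, new):
    """Map each differing top-level field to (old, new); alerts get their own diff."""
    changes = {}
    for key in sorted(set(old) | set(new)):
        if key in ("alerts", "lastUpdateTime"):
            continue  # lastUpdateTime is the trigger, not a finding
        if old.get(key) != new.get(key):
            changes[key] = (old.get(key), new.get(key))
    alerts = diff_alerts(old, new)
    if any(alerts.values()):
        changes["alerts"] = alerts
    return changes

def classify(store, incident):
    """Return ("new" | "unchanged" | "updated", changes) for one fetched incident."""
    old = store.get(incident["incidentId"])
    if old is None:
        return "new", {}
    if parse_ts(incident["lastUpdateTime"]) <= parse_ts(old["lastUpdateTime"]):
        return "unchanged", {}
    return "updated", changed_fields(old, incident)

# Constructed sample data: STORE is what the ITSM side saved on the last poll.
STORE = {101: {"incidentId": 101, "lastUpdateTime": "2021-03-01T10:00:00.1234567Z",
               "status": "Active", "assignedTo": None,
               "alerts": [{"alertId": "a1", "status": "New"}]}}
FETCHED = [
    {"incidentId": 101, "lastUpdateTime": "2021-03-01T12:30:00.5Z", "status": "Active",
     "assignedTo": "analyst@example.test",
     "alerts": [{"alertId": "a1", "status": "New"}, {"alertId": "a2", "status": "New"}]},
    {"incidentId": 102, "lastUpdateTime": "2021-03-01T12:31:00Z", "status": "Active", "alerts": []},
]
```

An `"updated"` result with an empty change set means the timestamp moved while none of the compared fields did, which is worth logging when working out what the API treats as an update.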
