Creating a Microsoft Graph webhook subscription to security/alerts fails










0















When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?



enter image description here



The body of the request is as such:




"changeType": "created",
"notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
"resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
"expirationDateTime": "2018-11-15T11:00:00.0000000Z",
"clientState": "secretClientValue"










share|improve this question






















  • Wes, can you share the actual request url you are using here too? just to be double sure.

    – Jeremy Thake MSFT
    Nov 15 '18 at 16:40















0















When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?



enter image description here



The body of the request is as such:




"changeType": "created",
"notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
"resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
"expirationDateTime": "2018-11-15T11:00:00.0000000Z",
"clientState": "secretClientValue"










share|improve this question






















  • Wes, can you share the actual request url you are using here too? just to be double sure.

    – Jeremy Thake MSFT
    Nov 15 '18 at 16:40













0












0








0








When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?



enter image description here



The body of the request is as such:




"changeType": "created",
"notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
"resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
"expirationDateTime": "2018-11-15T11:00:00.0000000Z",
"clientState": "secretClientValue"










share|improve this question














When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?



enter image description here



The body of the request is as such:




"changeType": "created",
"notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
"resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
"expirationDateTime": "2018-11-15T11:00:00.0000000Z",
"clientState": "secretClientValue"







microsoft-graph microsoft-graph-security






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 14 '18 at 20:27









Wes K.Wes K.

112




112












  • Wes, can you share the actual request url you are using here too? just to be double sure.

    – Jeremy Thake MSFT
    Nov 15 '18 at 16:40

















  • Wes, can you share the actual request url you are using here too? just to be double sure.

    – Jeremy Thake MSFT
    Nov 15 '18 at 16:40
















Wes, can you share the actual request url you are using here too? just to be double sure.

– Jeremy Thake MSFT
Nov 15 '18 at 16:40





Wes, can you share the actual request url you are using here too? just to be double sure.

– Jeremy Thake MSFT
Nov 15 '18 at 16:40












2 Answers
2






active

oldest

votes


















0














Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.




You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.




https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview



On that page, it states posting a request and gives a sample like this



POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json

"changeType": "created,updated",
"notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
"resource": "/me/mailfolders('inbox')/messages",
"expirationDateTime": "2016-03-20T11:00:00.0000000Z",
"clientState": "SecretClientState"



https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks



Are you posting that request body to that url?






share|improve this answer






























    0














    Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.






    share|improve this answer























    • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

      – Wes K.
      Nov 16 '18 at 18:31











    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53308251%2fcreating-a-microsoft-graph-webhook-subscription-to-security-alerts-fails%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.




    You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.




    https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview



    On that page, it states posting a request and gives a sample like this



    POST https://graph.microsoft.com/v1.0/subscriptions
    Content-Type: application/json

    "changeType": "created,updated",
    "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
    "resource": "/me/mailfolders('inbox')/messages",
    "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
    "clientState": "SecretClientState"



    https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks



    Are you posting that request body to that url?






    share|improve this answer



























      0














      Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.




      You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.




      https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview



      On that page, it states posting a request and gives a sample like this



      POST https://graph.microsoft.com/v1.0/subscriptions
      Content-Type: application/json

      "changeType": "created,updated",
      "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
      "resource": "/me/mailfolders('inbox')/messages",
      "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
      "clientState": "SecretClientState"



      https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks



      Are you posting that request body to that url?






      share|improve this answer

























        0












        0








        0







        Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.




        You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.




        https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview



        On that page, it states posting a request and gives a sample like this



        POST https://graph.microsoft.com/v1.0/subscriptions
        Content-Type: application/json

        "changeType": "created,updated",
        "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
        "resource": "/me/mailfolders('inbox')/messages",
        "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
        "clientState": "SecretClientState"



        https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks



        Are you posting that request body to that url?






        share|improve this answer













        Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.




        You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.




        https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview



        On that page, it states posting a request and gives a sample like this



        POST https://graph.microsoft.com/v1.0/subscriptions
        Content-Type: application/json

        "changeType": "created,updated",
        "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
        "resource": "/me/mailfolders('inbox')/messages",
        "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
        "clientState": "SecretClientState"



        https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks



        Are you posting that request body to that url?







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 15 '18 at 17:07









        Jeremy Thake MSFTJeremy Thake MSFT

        8121511




        8121511























            0














            Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.






            share|improve this answer























            • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

              – Wes K.
              Nov 16 '18 at 18:31
















            0














            Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.






            share|improve this answer























            • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

              – Wes K.
              Nov 16 '18 at 18:31














            0












            0








            0







            Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.






            share|improve this answer













            Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 15 '18 at 23:49









            SFBUSFBU

            1




            1












            • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

              – Wes K.
              Nov 16 '18 at 18:31


















            • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

              – Wes K.
              Nov 16 '18 at 18:31

















            Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

            – Wes K.
            Nov 16 '18 at 18:31






            Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType.

            – Wes K.
            Nov 16 '18 at 18:31


















            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53308251%2fcreating-a-microsoft-graph-webhook-subscription-to-security-alerts-fails%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            這個網誌中的熱門文章

            How to read a connectionString WITH PROVIDER in .NET Core?

            In R, how to develop a multiplot heatmap.2 figure showing key labels successfully

            Museum of Modern and Contemporary Art of Trento and Rovereto