Monday, May 1, 2017

Get Alerts from WDATP using PowerShell and the REST API


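# Pull alerts from Windows Defender ATP through the alert-exporter REST API and
# append them to a semicolon-delimited CSV file.
#
# Flow: OAuth2 client-credentials token -> GET /api/Alerts -> Export-Csv.
# All cmdlet failures are terminating ($ErrorActionPreference = 'Stop') so a
# failed token request or HTTP error never produces a silent, partial export.

Clear-Host
# Wipe every variable from the session so a token or result set left over from
# a previous run cannot leak into this one.
Remove-Variable * -Force -ErrorAction SilentlyContinue
$ErrorActionPreference = 'Stop'
# Force TLS 1.2 for both HTTPS calls below.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Tenant / app-registration values. Replace the placeholders before running.
# Do not keep a real client_secret in this file: load it from a secret store or
# an environment variable at runtime instead of hardcoding it.
$TenantID     = 'getyourtenantid'
$ClientID     = 'getyourclient_id'
$ClientSecret = 'getyourclient_secret'

# Double quotes are required here; with single quotes $TenantID is never
# expanded and the literal text "$tenantID" ends up in the URL.
$OAuthUri = "https://login.windows.net/$TenantID/oauth2/token"

$Body = @{
    resource      = 'https://graph.windows.net'
    client_id     = $ClientID
    client_secret = $ClientSecret
    grant_type    = 'client_credentials'
}

$Response = Invoke-RestMethod -Method Post -Uri $OAuthUri -Body $Body
if ([string]::IsNullOrEmpty($Response.access_token)) {
    throw "Token request to $OAuthUri returned no access_token."
}

# Get all alerts going back $MonthsBack months. The exporter takes the cutoff
# as an invariant-culture 'M/d/yyyy h:mm:ss tt' timestamp (e.g. 10/5/2016
# 4:14:28 PM), URL-encoded into the SinceTimeUtc query parameter.
$MonthsBack   = 6
$SinceTimeUtc = (Get-Date).ToUniversalTime().AddMonths(-$MonthsBack)
$SinceText    = $SinceTimeUtc.ToString('M/d/yyyy h:mm:ss tt', [System.Globalization.CultureInfo]::InvariantCulture)
# The URL must be a quoted string; unquoted, PowerShell tries to execute it as
# a command.
$AlertUri = 'https://wdatp-alertexporter-us.securitycenter.windows.com/api/Alerts?SinceTimeUtc=' + [Uri]::EscapeDataString($SinceText)

# The bearer token is a credential: do not write $Headers to the console or to
# a transcript/log.
$Headers = @{ Authorization = "Bearer $($Response.access_token)" }

$Results = Invoke-RestMethod -Uri $AlertUri -Method Get -Headers $Headers
# NOTE(review): the exporter may page or cap the result set; confirm against the
# API documentation before treating this as a complete history.

$OutputPath = 'C:\alertdata.csv'

# Build one record per alert with a fixed column order. Export-Csv quotes each
# field, so an AlertTitle or FileName containing ';', quotes or a newline cannot
# break the row layout the way plain '+' string concatenation would (which also
# fails outright when AlertTime is a [datetime] rather than a string).
$Rows = foreach ($result in $Results) {
    [PSCustomObject][ordered]@{
        AlertTime       = $result.AlertTime
        ComputerDnsName = $result.ComputerDnsName
        Severity        = $result.Severity
        Category        = $result.Category
        AlertTitle      = $result.AlertTitle
        FileName        = $result.FileName
    }
}

# -Append keeps the original append-only behaviour across runs; ';' keeps the
# original delimiter. UTF8 is chosen explicitly so non-ASCII hostnames and
# titles survive (the default encoding would mangle them).
if ($Rows) {
    $Rows | Export-Csv -Path $OutputPath -Delimiter ';' -NoTypeInformation -Append -Encoding UTF8
}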