HTTP status code mismatch (Failing -Filter for Get-MgSecurityAlerts) #907
Comments
ghost
added
the
|
It appears that this is a service issue given the
Reference: https://docs.microsoft.com/en-us/graph/api/resources/security-error-codes?view=graph-rest-1.0#errors The same behavior can also be reproduced through Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/security/alerts?`$filter=Title eq 'Activity from infrequent country'" -Debug@darrelmiller, is this a known issue with the workload? The encoded request URI ( |
|
I just double checked and yes I am logged into the Graph Explorer and PowerShell using the same account and Tenant. I took the encoded URL and pasted that into Graph Explorer and get the "Partial Content - 206" message.
Thanks |
|
The 206 response is an expected behavior. The API is designed to fan out to different alert providers and the 206 response is specifically intended to say that the API executed successfully but not all alert providers were able to provide results. |
|
As a side note, it returns all results, and ignores the filter being passed. |
|
Got it! In this case, we will need to update AutoREST.PowerShell to handle all Will be fixed by Azure/autorest.powershell#853 and #910. |
peombwa
added
AutoREST-dependency
Bug
and removed
question
Service issue
Needs: Attention 👋
labels
|
Also affects #749. |
peombwa
changed the title
|
AutoREST.PowerShell v3 now supports success status code range. The fix will be available in v2 of the module. We just need to:
|
|
Fixed by #907. Will ship in v2 of the module. |
When executing Get-MgSecurityAlerts with a -Filter, it returns all values, even though it should filter.
Command executed: Get-MgSecurityAlert -Filter "Title eq 'Activity from infrequent country'"
As requested, here is the debug output:
DEBUG: CmdletProcessRecordStart:
DEBUG: CmdletProcessRecordAsyncStart:
DEBUG: CmdletGetPipeline:
DEBUG: CmdletBeforeAPICall:
DEBUG: URLCreated: https://graph.microsoft.com/beta/security/alerts?$filter=Title eq 'Activity from infrequent country'
DEBUG: RequestCreated: https://graph.microsoft.com/beta/security/alerts?$filter=Title eq 'Activity from infrequent
country'
DEBUG: HeaderParametersAdded: https://graph.microsoft.com/beta/security/alerts?$filter=Title eq 'Activity from
infrequent country'
HTTP: graph.microsoft.com
DEBUG: BeforeCall:
DEBUG: ResponseCreated:
DEBUG: BeforeResponseDispatch:
DEBUG: GET
https://graph.microsoft.com/beta/security/alerts?$filter=Title%20eq%20'Activity%20from%20infrequent%20country'
HTTP/1.1 206 Partial Content
Transfer-Encoding: chunked
Warning: 199 - "Microsoft/Microsoft Defender ATP/400/248"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 3a642255-c544-41d8-ba73-08d2e7d37dff
client-request-id: 3a642255-c544-41d8-ba73-08d2e7d37dff
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East
US","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"MN1PEPF00002F29"}}
OData-Version: 4.0
Cache-Control: no-cache
Date: Mon, 18 Oct 2021 23:24:21 GMT
Content-Encoding: gzip
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
DEBUG: Finally:
DEBUG: CmdletAfterAPICall:
DEBUG: CmdletProcessRecordAsyncEnd:
DEBUG: CmdletProcessRecordEnd:
DEBUG: CmdletEndProcessing:
The text was updated successfully, but these errors were encountered: