| title | runDetails resource type |
|---|---|
| description | Represents an instance of a custom detection rule run. |
| author | mmekler |
| ms.localizationpriority | medium |
| ms.subservice | security |
| doc_type | resourcePageType |
| ms.date | 03/06/2024 |
Namespace: microsoft.graph.security
[!INCLUDE beta-disclaimer]
Represents an instance of a custom detection rule run.
| Property | Type | Description |
|---|---|---|
| errorCode | microsoft.graph.security.huntingRuleErrorCode | Error code of the most recent run that encountered an error. The possible values are: queryExecutionFailed, queryExecutionThrottling, queryExceededResultSize, queryLimitsExceeded, queryTimeout, alertCreationFailed, alertReportNotFound, partialRowsFailed, unknownFutureValue. |
| failureReason | String | Reason for failure when the custom detection last ran and failed. See the table below. |
| lastRunDateTime | DateTimeOffset | Timestamp when the custom detection was last run. |
| status | microsoft.graph.security.huntingRuleRunStatus | Status of custom detection when it was last run. The possible values are: running, completed, failed, partiallyFailed, unknownFutureValue. |
| errorCode | Reason |
|---|---|
| queryExecutionFailed | An unexpected error occurred during query execution. Contact support if this failure reoccurs. |
| queryExecutionThrottling | Query execution was throttled due to exceeded tenant resources. |
| queryExceededResultSize | Result size limit exceeded. Only the first 100 query results were processed. |
| queryLimitsExceeded | Query execution was preempted. This failure can be due to high CPU and/or memory resource consumption. Optimize your query by following best practices and try again. |
| queryTimeout | Query execution took longer than the assigned timeout and was aborted. |
| alertCreationFailed | An unexpected error occurred while generating alerts from query results. Contact support if this failure reoccurs. |
| alertReportNotFound | An event couldn't be matched to the given Timestamp, DeviceId, or ReportId. Check the query for aggregation expressions on those columns. |
| partialRowsFailed | Only a subset of query results could be processed to alerts. Contact support if this failure reoccurs. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.runDetails",
"lastRunDateTime": "String (timestamp)",
"status": "String",
"failureReason": "String",
"errorCode": "String"
}