Skip to content

security-incidenttask-update.md

Latest commit

 

History

History
147 lines (114 loc) · 4.71 KB

security-incidenttask-update.md

File metadata and controls

147 lines (114 loc) · 4.71 KB
title Update incidentTask
description Update the status of an incident task in Microsoft Defender XDR.
author BenAlfasi
ms.date 05/07/2025
ms.localizationpriority medium
ms.subservice security
doc_type apiPageType

Update incidentTask

Namespace: microsoft.graph.security

[!INCLUDE beta-disclaimer]

Update a Microsoft Defender XDR incident task. You can only update the status property.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-security-alerts-apis-write]

HTTP request

PATCH /security/incidentTasks/{incidentTaskId}

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-Type application/json. Required.

Request body

In the request body, supply only the values you want to update. Omitted properties retain their existing values.

Property Type Description
status microsoft.graph.security.incidentTaskStatus The task status. Values: open, inProgress, completed, failed, notRelevant, unknownFutureValue.

Response

If successful, this method returns a 200 OK response code and the updated security-incidentTask object in the response body.

Examples

Request

HTTP

PATCH https://graph.microsoft.com/beta/security/incidentTasks/213213
Content-Type: application/json

{
    "status": "completed"
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.type": "#microsoft.graph.security.incidentTask",
    "id": "213213",
    "incident": {
        "@odata.type": "#microsoft.graph.security.incident",
        "id": "123"
    },
    "status": "completed",
    "source": "defenderExpertsXDR",
    "displayName": "Reset device testmachine20",
    "description": "Reset the machine",
    "createdDateTime": "2023-06-26T19:07:39.7433333Z",
    "createdByDisplayName": "Defender Experts",
    "lastModifiedDateTime": "2023-06-27T10:49:33.98Z",
    "lastModifiedByDisplayName": "bealfasi",
    "actionType": "text",
    "actionStatus": "notStarted",
    "responseAction": null
}

Related content