| title | wdatpAlertsAuditRecord resource type |
|---|---|
| description | Represents an audit record for Microsoft Defender for Endpoint (formerly Windows Defender Advanced Threat Protection) alert activities. |
| author | palakagrawaljk |
| ms.subservice | security |
| ms.localizationpriority | medium |
| doc_type | resourcePageType |
| ms.date | 03/05/2026 |
| toc.title | WDATP alerts audit record |
Namespace: microsoft.graph.security
[!INCLUDE beta-disclaimer]
Represents an audit record for Microsoft Defender for Endpoint (formerly Windows Defender Advanced Threat Protection) alert activities. This resource captures information about security alerts, including their creation, modification, resolution, and administrative actions taken in response to detected threats. The audit data helps security teams track the lifecycle of security incidents, document response actions, and maintain a comprehensive audit trail of threat detection and remediation activities for compliance and security management purposes.
Inherits from microsoft.graph.security.auditData. The audit data for this record type is returned as the auditData property in an auditLogRecord.
None.
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.wdatpAlertsAuditRecord"
}