Namespace: microsoft.graph.security
Read the properties and relationships of an auditLogQuery object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
❌ |
❌ |
❌ |
Permissions
Auditing data can be accessed through Microsoft Purview Audit Search API via the following permissions, which are classified at a Microsoft 365 service level. To learn more, including how to choose permissions, see Permissions.
| Permission type |
Least privileged permissions |
Higher privileged permissions |
| Delegated (work or school account) |
ThreatIntelligence.Read.All |
Not available. |
| Delegated (personal Microsoft account) |
Not supported. |
Not supported. |
| Application |
ThreatIntelligence.Read.All |
Not available. |
HTTP request
Optional query parameters
This method supports some of the OData query parameters to help customize the response. For general information, see OData query parameters.
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and a auditLogQuery object in the response body.
Examples
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/security/auditLog/queries/{auditLogQueryId}
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AuditLog.Queries["{auditLogQuery-id}"].GetAsync();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
queries, err := graphClient.Security().AuditLog().Queries().ByAuditLogQueryId("auditLogQuery-id").Get(context.Background(), nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.models.security.AuditLogQuery result = graphClient.security().auditLog().queries().byAuditLogQueryId("{auditLogQuery-id}").get();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
let auditLogQuery = await client.api('/security/auditLog/queries/{auditLogQueryId}')
.version('beta')
.get();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->security()->auditLog()->queries()->byAuditLogQueryId('auditLogQuery-id')->get()->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.security.audit_log.queries.by_audit_log_query_id('auditLogQuery-id').get()
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"value": {
"@odata.type": "#microsoft.graph.security.auditLogQuery",
"id": "168ec429-084b-a489-90d8-504a87846305",
"displayName": "String",
"filterStartDateTime": "String (timestamp)",
"filterEndDateTime": "String (timestamp)",
"recordTypeFilters": [
"String"
],
"keywordFilter": "String",
"serviceFilter": "String",
"operationFilters": [
"String"
],
"userPrincipalNameFilters": [
"String"
],
"ipAddressFilters": [
"String"
],
"objectIdFilters": [
"String"
],
"administrativeUnitIdFilters": [
"String"
],
"status": "String"
}
}