1
votes

We are facing issues with the Azure API endpoint for fetching security alerts based on a given time filter.

Azure API Documentation Link and screenshot for the API section, https://docs.microsoft.com/en-us/rest/api/securitycenter/alerts/listbyresourcegroup


We encountered the following error while hitting the endpoint with the required params and Bearer access token.

Error Details:

{
    "error": {
        "code": "ProviderError",
        "message": "Resource provider 'Microsoft.Security' failed to return collection response for type 'alerts'."
    }
}

Endpoint URL:

https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{ResourceGroup}/providers/Microsoft.Security/alerts?api-version={version}&$filter=properties.reportedTimeUtc eq '2019-07-06T08:00:51.8801218Z'

NOTE: The URL gives a response without specifying the time "filter", but when using the filter as one of the params, we get the above-mentioned error.

The param value used: $filter = properties.reportedTimeUtc eq '2019-07-06T08:00:51.8801218Z'


Could anyone help in the resolution of this issue? Let me know for any additional details/clarifications. Thank You.

1
Have a look at this SO question. Try the suggested formats mentioned there. - Jeroen Heier

1 Answer

0
votes

If you want to filter reportedTimeUtc, you can refer to the following method:

https://management.azure.com/subscriptions/<subscriptionID>/resourceGroups/<RG>/providers/Microsoft.Security/alerts?$filter=Properties/ReportedTimeUtc eq 2019-05-18T12:20:13.3196284Z&api-version=2019-01-01

Just note the filter value format: Properties/ReportedTimeUtc eq 2019-05-18T12:20:13.3196284Z. And the first letter must be in uppercase.

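An added example, not part of the original question or answer: it rewrites the question's filter (dotted path, lower-case, quoted literal) into the form the answer reports working and builds the percent-encoded request URL. The function names, the `eq`-only validation and the 7-digit fractional-second formatting are assumptions of this example, as are the placeholder IDs.

```python
import re
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

ARM = "https://management.azure.com"

# Accepts the question's form (properties.reportedTimeUtc eq '<ts>') and the
# answer's form (Properties/ReportedTimeUtc eq <ts>); only `eq` appears on the page.
_FILTER_RE = re.compile(
    r"\s*properties[./]reportedtimeutc\s+eq\s+('?)"
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,7})?Z)\1\s*",
    re.IGNORECASE,
)

def odata_utc(ts: datetime) -> str:
    """UTC timestamp with 7 fractional digits, matching the literals on the page."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond:06d}0Z"

def normalize_filter(expr: str) -> str:
    """Rewrite a reportedTimeUtc filter into the answer's form; reject anything else."""
    m = _FILTER_RE.fullmatch(expr)
    if m is None:
        raise ValueError(f"unsupported $filter expression: {expr!r}")
    return f"Properties/ReportedTimeUtc eq {m.group(2).upper()}"

def alerts_url(subscription_id: str, resource_group: str, filter_expr: str,
               api_version: str = "2019-01-01") -> str:
    """Build the list-by-resource-group alerts URL with an encoded $filter."""
    path = (f"/subscriptions/{quote(subscription_id, safe='')}"
            f"/resourceGroups/{quote(resource_group, safe='')}"
            "/providers/Microsoft.Security/alerts")
    query = urlencode(
        {"$filter": normalize_filter(filter_expr), "api-version": api_version},
        safe="$/:", quote_via=quote,  # keep $, / and : readable; spaces become %20
    )
    return f"{ARM}{path}?{query}"

if __name__ == "__main__":
    # Constructed placeholder IDs; the filter string is the one from the question.
    print(alerts_url("00000000-0000-0000-0000-000000000000", "example-rg",
                     "properties.reportedTimeUtc eq '2019-07-06T08:00:51.8801218Z'"))
```

Validating the filter against a fixed pattern before it reaches the query string also keeps caller-supplied text from adding extra OData clauses or query parameters to the request.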