Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Describes the actions that are taken after a detection is made by a custom detection rule, including the alert that is created and any automated actions that run against impacted entities.
Properties
| Property | Type | Description |
|---|---|---|
| alertTemplate | microsoft.graph.security.alertTemplate | The template that defines the alert that is generated when this rule detects a match, including alert metadata (severity, title, description), entity mappings, custom details, and MITRE tactics. |
| automatedActions | microsoft.graph.security.automatedActionSet | The set of automated actions to run against entities that match the detection. Replaces the deprecated responseActions property. |
| organizationalScope | microsoft.graph.security.organizationalScope | The set of groups (for example, device groups) to which the parent custom detection rule applies. |
| responseActions (deprecated) | microsoft.graph.security.responseAction collection | Actions taken on impacted assets as set in the custom detection rule. Deprecated. Use automatedActions instead. This property will be removed from this resource on 2026-10-01. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.detectionAction",
"organizationalScope": {
"@odata.type": "microsoft.graph.security.organizationalScope"
},
"automatedActions": {
"@odata.type": "microsoft.graph.security.automatedActionSet"
},
"alertTemplate": {
"@odata.type": "microsoft.graph.security.alertTemplate"
}
}