https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/get-incident-list-from-microsoft-365-defender/m-p/595063#M3529 <P>That's the neat part: you can't!<BR /><BR />In the reference documentation for the 365 Defender integration, for the "incidents-list" command the default, and maximum, is 100.<BR />You can change it to be less, but not more.<BR /><A href="https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender#microsoft-365-defender-incidents-list" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender#microsoft-365-defender-incidents-list</A></P> Thu, 15 Aug 2024 22:48:04 GMT cmcneil 2024-08-15T22:48:04Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/get-incident-list-from-microsoft-365-defender/m-p/592887#M3495 <P>Hi Team,</P> <P>I want to get the events between the dates I give from Microsoft 356 Defender. In the ‘microsoft-365-defender-incidents-list’ command, the limit is set to maximum 100. What should I do to make the limit unlimited?</P> <P><BR />The command: </P> <LI-CODE lang="python">test_data ={’$filter": “createdTime gt 2024-03-16T06:00:00.29Z and createdTime lt 2024-07-22T09:00:00.29Z”} execute_command(‘microsoft-365-defender-incidents-list’, {‘status’: ‘Resolved’, ‘odata’:test_data})</LI-CODE> <P>&nbsp;</P> <P><EM>In addition, I can send the current query according to the created time from the incoming data, but I want to learn if there is a known method such as limit=-1, not with a loop.</EM></P> <P>&nbsp;</P> <P>Best Regards,</P> <P>#Microsoft365Defender <LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;</P> Wed, 24 Jul 2024 13:51:19 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/get-incident-list-from-microsoft-365-defender/m-p/592887#M3495 E.Ok204121 2024-07-24T13:51:19Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/get-incident-list-from-microsoft-365-defender/m-p/595063#M3529 <P>That's the neat part: you can't!<BR /><BR />In the reference documentation for the 365 Defender integration, for the "incidents-list" command the default, and maximum, is 100.<BR />You can change it to be less, but not more.<BR /><A href="https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender#microsoft-365-defender-incidents-list" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender#microsoft-365-defender-incidents-list</A></P> Thu, 15 Aug 2024 22:48:04 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/get-incident-list-from-microsoft-365-defender/m-p/595063#M3529 cmcneil 2024-08-15T22:48:04Z