Change log for MICROSOFT_GRAPH_ALERT
Date
Changes
2025-08-12
- Added support for the new event `Suspicious Microsoft Defender Antivirus exclusion` in the detection source `microsoftDefenderForEndpoint`.
- Mapped `evidence.hostName` to `principal.hostname` if `evidence.deviceDnsName` is empty in the `deviceEvidence` event.
2025-06-10
- Mapped the raw log field `file_name` to the UDM field `target.file.names`.
- Removed unexpected characters from the raw log field `fileState.path` to resolve parsing issues.
2025-01-06
- Corrected typo.
2024-12-23
- Extracted and mapped the IP address, API endpoint, method, and status code from the customProperties log field.
2024-11-25
- A new parser for MICROSOFT_GRAPH_ALERT was created.

Last updated 2025-08-29 UTC.