Forum Discussion
Chris Stelzer
Apr 29, 2019, Copper Contributor
Alert Status column not updating properly for "Resolved" MCAS or IPC alerts
Anyone noticed that the "Alert Status" column for MCAS and IPC (Identity Protection) alerts doesn't properly reflect within the API when resolving alerts in the MCAS or Identity Protection portal? Other products seem to work (WDATP, O365 Security & Compliance), however no matter what I do all my MCAS or IPC alerts come through to the API as "status = newAlert" even when I've resolved them all in the MCAS portal.
- Chris Stelzer, Copper Contributor
Looks like Microsoft's own https://security.microsoft.com/alerts section is also not showing statuses correctly. I assume they're just using their own Security Graph API to surface this information. Need this resolved ASAP so we can start properly using PowerBI centrally to track on-going alert statuses.
- Preeti_Krishna, Microsoft
Chris Stelzer zchoate_ksmc Microsoft Graph Security API alert patch support for security products is listed at https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#alerts
The 'patch' capability for many providers shows supported - you can update alerts and get them in the same updated state across multiple applications integrated with the Microsoft Graph Security API. Currently the provider / security product portal is not integrated to consume the data from Microsoft Graph Security API. This needs to be implemented on the respective security product portal side. We are working with the security providers to get this implemented consistently.
https://security.microsoft.com/alerts is not integrated to get and update alerts from Microsoft Graph Security API.
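The behaviour described in this thread (alerts resolved in a provider portal still reading `newAlert` through the API, and the PATCH path that does keep Graph-integrated consumers consistent) can be exercised with a small reconciliation script. The following is an added example, not code from the thread or from Microsoft: it lists alerts for one provider, finds those a local record says are resolved but the API still reports otherwise, and PATCHes them with the `status` plus the `vendorInformation` block the update call requires. The HTTP layer is injected so the script runs offline against an in-memory fake; the provider strings `MCAS` and `IPC`, the sample alert IDs and the `FakeGraph` class are constructed for the example. A real run would pass a transport that calls `https://graph.microsoft.com/v1.0` with a bearer token granted `SecurityEvents.ReadWrite.All`.

```python
"""Reconcile alert status through the Microsoft Graph Security API.

Added example (not from the thread or from Microsoft). Models two calls:
  GET   /security/alerts?$filter=vendorInformation/provider eq '<PROVIDER>'
  PATCH /security/alerts/{id}   body: {"status": ..., "vendorInformation": {...}}
The transport is injected so the script runs offline against FakeGraph.
"""
import json
from typing import Callable, Dict, List, Optional, Set, Tuple

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
# Alert status values defined by the Graph alert resource.
VALID_STATUSES = {"unknown", "newAlert", "inProgress", "resolved"}

# transport(method, url, json_body_or_None) -> (http_status_code, response_json)
Transport = Callable[[str, str, Optional[dict]], Tuple[int, dict]]


def build_patch_body(new_status: str, provider: str, vendor: str = "Microsoft") -> dict:
    """Graph rejects an alert PATCH that omits vendorInformation, so always send it."""
    if new_status not in VALID_STATUSES:
        raise ValueError(f"unsupported alert status: {new_status}")
    return {"status": new_status,
            "vendorInformation": {"provider": provider, "vendor": vendor}}


def list_alerts(transport: Transport, provider: str) -> List[dict]:
    """GET alerts for one provider (e.g. 'MCAS' or 'IPC'; assumed provider strings)."""
    url = f"{GRAPH_BASE}/security/alerts?$filter=vendorInformation/provider eq '{provider}'"
    code, resp = transport("GET", url, None)
    if code != 200:
        raise RuntimeError(f"GET alerts failed: HTTP {code}")
    return resp.get("value", [])


def update_alert_status(transport: Transport, alert_id: str, new_status: str, provider: str) -> dict:
    """PATCH a single alert; Graph returns the updated alert on success."""
    url = f"{GRAPH_BASE}/security/alerts/{alert_id}"
    code, resp = transport("PATCH", url, build_patch_body(new_status, provider))
    if code not in (200, 204):
        raise RuntimeError(f"PATCH {alert_id} failed: HTTP {code}")
    return resp


def find_stale(alerts: List[dict], resolved_ids: Set[str]) -> List[dict]:
    """Alerts your own records mark resolved that the API still reports otherwise."""
    return [a for a in alerts if a["id"] in resolved_ids and a.get("status") != "resolved"]


def reconcile(transport: Transport, provider: str, resolved_ids: Set[str]) -> List[str]:
    """Push 'resolved' to Graph for every stale alert; return the IDs that were patched."""
    stale = find_stale(list_alerts(transport, provider), resolved_ids)
    for alert in stale:
        update_alert_status(transport, alert["id"], "resolved", provider)
    return [a["id"] for a in stale]


class FakeGraph:
    """In-memory stand-in for the Graph endpoint (constructed, offline only)."""

    def __init__(self, alerts: List[dict]):
        self.alerts: Dict[str, dict] = {a["id"]: dict(a) for a in alerts}

    def __call__(self, method: str, url: str, body: Optional[dict]) -> Tuple[int, dict]:
        if method == "GET":
            provider = url.split("provider eq '")[1].rstrip("'")
            matches = [a for a in self.alerts.values()
                       if a["vendorInformation"]["provider"] == provider]
            return 200, {"value": matches}
        if method == "PATCH":
            alert_id = url.rsplit("/", 1)[1]
            # Mirror the real API's requirement that vendorInformation be present.
            if alert_id not in self.alerts or not body or "vendorInformation" not in body:
                return 400, {"error": "bad request"}
            self.alerts[alert_id]["status"] = body["status"]
            return 200, self.alerts[alert_id]
        return 405, {}


# Constructed sample alerts: one MCAS alert already resolved in the portal but
# still 'newAlert' in the API, which is the discrepancy the thread describes.
SAMPLE_ALERTS = [
    {"id": "mcas-0001", "status": "newAlert",
     "vendorInformation": {"provider": "MCAS", "vendor": "Microsoft"}},
    {"id": "mcas-0002", "status": "resolved",
     "vendorInformation": {"provider": "MCAS", "vendor": "Microsoft"}},
    {"id": "ipc-0001", "status": "newAlert",
     "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"}},
    {"id": "wdatp-0001", "status": "resolved",
     "vendorInformation": {"provider": "WDATP", "vendor": "Microsoft"}},
]


def demo() -> Tuple[List[str], Dict[str, str]]:
    """Reconcile MCAS alerts against a local 'resolved' list; return (patched, statuses after)."""
    fake = FakeGraph(SAMPLE_ALERTS)
    patched = reconcile(fake, "MCAS", resolved_ids={"mcas-0001", "mcas-0002"})
    after = {a["id"]: a["status"] for a in list_alerts(fake, "MCAS")}
    return patched, after


if __name__ == "__main__":
    patched_ids, statuses = demo()
    print(json.dumps({"patched": patched_ids, "after": statuses}, indent=2))
```

With a real transport, `find_stale` is also a useful detection on its own: run it on a schedule and the list it returns is exactly the set of alerts where the portal and the API disagree, which is the evidence needed when raising the integration gap with a provider.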
- Chris Stelzer, Copper Contributor
Preeti_Krishna thank you. The PATCH alert status for Cloud App Security and Identity Protection is listed as supported, but is still not implemented by these providers. Do you have an ETA for integrating these PATCH alerts?
- zchoate_ksmc, Copper Contributor
I'm seeing the same thing when we mark alerts resolved/false positives for Identity Protection.