Change log for MICROSOFT_GRAPH_ALERT
| Date | Changes |
|---|---|
| 2025-10-14 | `security_result.detection_fields[determination]`: Newly mapped the `determination` raw log field to the `security_result.detection_fields[determination]` UDM field. |
| 2025-09-17 | Improved error handling to cover various edge cases across multiple scenarios. |
| 2025-08-12 | - `Suspicious Microsoft Defender Antivirus exclusion`: Added support for the new event, `Suspicious Microsoft Defender Antivirus exclusion`, in the detection source `microsoftDefenderForEndpoint`.<br>- Mapped the `evidence.hostName` to the `principal.hostname` if `evidence.deviceDnsName` is empty in the `deviceEvidence` event. |
| 2025-06-10 | - `target.file.names`: Newly mapped the `file_name` raw log field to the `target.file.names` UDM field.<br>- Removed unexpected characters from the raw log field `fileState.path` to resolve parsing issues. |
| 2025-01-06 | Corrected typo |
| 2024-12-23 | Extracted and mapped the IP address, API endpoint, method, and status code from the `customProperties` log field. |
| 2024-11-25 | Newly created parser. |