IBM QRadar cannot receiving RiskLevel and RiskState information from Microsoft Graph API
Davin Ardian
1
Reputation point
Hello everyone,
Hope you are all is going well.
we already collected logs/events from Microsoft Graph API but we are not receiving RiskState and RiskLevel information
The QRadar by default gathers the logs from URL : https://graph.microsoft.com/v1.0/security/alerts on the QRadar event paylod we are receiving RiskScore but the value is sometimes none.
Does anyone experience the same issue?