Graph security alerts v2 API returns error for an invalid serviceSource filter 'microsoftDataLossPrevention'
Pritesh Shah
We use the Microsoft Graph Security Alerts v2 API (https://graph.microsoft.com/v1.0/security/alerts_v2) with the following filters:
filter=(serviceSource eq 'azureAdIdentityProtection' or serviceSource eq 'microsoft365Defender' or serviceSource eq 'microsoftAppGovernance' or serviceSource eq 'microsoftDefenderForCloud' or serviceSource eq 'microsoftDefenderForCloudApps' or serviceSource eq 'microsoftDefenderForEndpoint' or serviceSource eq 'microsoftDefenderForIdentity' or serviceSource eq 'microsoftDefenderForOffice365' or serviceSource eq 'microsoftDataLossPrevention' or serviceSource eq 'unknown') and (createdDateTime gt 2024-01-01T00:00:00.000000000Z)
Since a few hours ago, we have been seeing the following error response:
{
  "error": {
    "code": "",
    "message": "The query specified in the URI is not valid. The string 'microsoftDataLossPrevention' is not a valid enumeration type constant.",
    "details": [],
    "innerError": {
      "date": "2024-01-30T17:52:41",
      "request-id": "xxxxxxx",
      "client-request-id": "xxxxxxx"
    }
  }
}
We do see that the valid value for serviceSources as per the documentation is dataLossPrevention and not microsoftDataLossPrevention. Changing this in the filter fixed the issue.
Question is what changed, as our scripts worked fine (for many months) until a few hours ago?
- Was the serviceSource field microsoftDataLossPrevention renamed to dataLossPrevention?
- Or were the underlying checks part of the API changed which caused the API to report this error which it previously did not?
Appreciate clarity on this.
Thanks!
Pritesh
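Because a single rejected enumeration constant fails the whole query, every other serviceSource in the filter stops being collected as well. The sketch below is an added example, not code from the post or from Microsoft: it parses the error body shown in the question, drops only the rejected value, retries, and returns the dropped values so the coverage gap can be alerted on. `query_with_fallback`, `rejected_constant`, `build_filter` and the `fake_send` transport stub are hypothetical names, and the stub's responses are constructed.

```python
import json
import re

# serviceSource values copied from the filter in the question.
SOURCES = ["azureAdIdentityProtection", "microsoft365Defender",
           "microsoftAppGovernance", "microsoftDefenderForCloud",
           "microsoftDefenderForCloudApps", "microsoftDefenderForEndpoint",
           "microsoftDefenderForIdentity", "microsoftDefenderForOffice365",
           "microsoftDataLossPrevention", "unknown"]
ENUM_ERROR = re.compile(r"The string '([^']+)' is not a valid enumeration type constant")

def build_filter(sources, since):
    clause = " or ".join(f"serviceSource eq '{s}'" for s in sources)
    return f"({clause}) and (createdDateTime gt {since})"

def rejected_constant(body):
    """Return the enum constant named in the error message, else None."""
    try:
        match = ENUM_ERROR.search(json.loads(body)["error"]["message"])
    except (ValueError, KeyError, TypeError):
        return None
    return match.group(1) if match else None

def query_with_fallback(send, sources, since):
    """send(filter) -> (status, body) is a hypothetical transport callable."""
    remaining, dropped = list(sources), []
    while remaining:
        status, body = send(build_filter(remaining, since))
        if status == 200:
            return body, dropped  # caller should alert on every dropped source
        bad = rejected_constant(body) if status == 400 else None
        if bad not in remaining:
            raise RuntimeError(f"unhandled HTTP {status} from alerts_v2")
        remaining.remove(bad)
        dropped.append(bad)
    raise RuntimeError("every serviceSource value was rejected")

# Constructed stand-in for the API: rejects the one value from the question.
SAMPLE_ERROR = json.dumps({"error": {"code": "", "message":
    "The query specified in the URI is not valid. The string "
    "'microsoftDataLossPrevention' is not a valid enumeration type constant."}})

def fake_send(odata_filter):
    if "'microsoftDataLossPrevention'" in odata_filter:
        return 400, SAMPLE_ERROR
    return 200, json.dumps({"value": []})

if __name__ == "__main__":
    print(query_with_fallback(fake_send, SOURCES, "2024-01-01T00:00:00.000000000Z")[1])
```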