When I call https://graph.microsoft.com/v1.0/security/alerts from Python, the properties returned do not match the documentation. For example, the docs describe category as: String, category of the alert (for example, credentialTheft, ransomware, etc.).
Instead, I'm getting a GUID-style string for category, and other properties such as incidentIds come back empty. Here is part of one alert from the response:
"id": "redacted",
"azureTenantId": "redacted",
"azureSubscriptionId": "redacted",
"riskScore": null,
"tags": [],
"activityGroupName": null,
"assignedTo": null,
"category": "e573729c-f65f-46cc-b31b-f5ad7c32ff59_aa5de612-30f2-4e66-8a7f-da99b946ce54",
"closedDateTime": null,
"comments": [],
"confidence": null,
"createdDateTime": "2020-10-18T18:54:41.9442907Z",
"description": "Identifies when a rare Resource and ResourceGroup deployment occurs by a previously unseen Caller.",
"detectionIds": [],
"eventDateTime": "2020-10-04T18:49:39.9931844Z",
"feedback": null,
"incidentIds": [],
"lastModifiedDateTime": "2020-10-18T18:54:42.0552251Z",
"recommendedActions": [],
"severity": "low",
"sourceMaterials": [],
"status": "newAlert",
"title": "Suspicious Resource deployment",
"vendorInformation": {
"provider": "Azure Sentinel",
"providerVersion": null,
"subProvider": null,
"vendor": "Microsoft"
},
"cloudAppStates": [],
"fileStates": [],
"hostStates": [],
"historyStates": [],
"malwareStates": [],
"networkConnections": [],
"processes": [],
"registryKeyStates": [],
"securityResources": [],
"triggers": [],
Anyone have any thoughts?