For my current customer we are trying to integrate O365 ATP and Azure ATP alerts into their current SIEM. We have enabled the MCAS integration for Azure ATP. This enables us to get the security alerts from Azure ATP, MCAS and Office ATP all from the MS Security Graph. However, if we pull the alerts from the Graph, the External IDs for the alerts are not being passed along in the Graph. Is this normal behavior, or still a roadmap item?