Latency and Time line of data returned by Microsoft Graph Security API


Hi All,

 

What is the latency of data returned by the Microsoft Graph Security API, i.e. alerts, Secure Score?

 

We are planning to use the Power BI connector below to fetch Security API data in Power BI. What is the frequency of data returned, i.e. last 180 days, 90 days, etc.?

https://docs.microsoft.com/en-us/power-bi/connect-data/desktop-connect-graph-security

 

Appreciate the responses. Thanks !!

4 Replies

@abhsha8891 

Hi,

Please clarify your question. There are different "latencies" here: when malware triggers an alert, the alert provider, such as Azure Security Center or Office, may have lengthy processing to identify the alert and send it to customers; the latency is defined as "from receiving the logs of the alert to the time the alert is created and sent to customers by portal or API", and that can be minutes or hours. Another latency is when a customer calls the portal or API: how long should the customer wait before the UI/API returns some results? That is in the range of seconds.

 

Also what is "frequency of data returned"? Did you mean retention time?

@BrittanyRandolph 

For latency, I mean whether there is any time delay between the alerts logged by the security provider and the actual results returned by the API.

I need this information for reporting purposes. For example, if there is an alert logged by a provider today, will it be returned by the API instantly or after some specific time?

 

I also need info regarding the time period of the data returned from the API for reporting purposes. For example, when we call the API, will the alerts be from the last 90 days, 180 days or some other time frame?

 

I am actually looking for this information for data returned by the Power BI connector for the Security API.

https://docs.microsoft.com/en-us/power-bi/connect-data/desktop-connect-graph-security

 

@abhsha8891 

Different alert providers have very different latency expectations. For example, Azure Security Center has a 6-hour SLA. Please refer to the providers for guidance.

 

As for retention policy, it's generally 30 days, though Office has a retention policy of only 7 days.

Thanks @BrittanyRandolph .

 

It would be great if you can share the documentation around retention policy.
