ms-graph error 400 could not find property 'createdDateTime"

leon appel

unread,

Sep 18, 2024, 1:05:40 PM9/18/24

to Wazuh | Mailing List

Hi

I am hoping someone can assist with this issue

2024/09/18 16:16:45 wazuh-modulesd:ms-graph: WARNING: Received unsuccessful status code when attempting to get relationship 'riskDetections' logs: Status code was '400' & response was '{"error":{"code":"BadRequest","message":"Invalid filter clause: Could not find a property named 'createdDateTime' on type 'microsoft.graph.riskDetection'.","innerError":{"date":"2024-09-18T15:16:45","request-id":"e8b68e50-2b76-4d73-b099-b374ece9b72f","client-request-id":"e8b68e50-2b76-4d73-b099-b374ece9b72f"}}}'

I tried adding these lines to the wazuh template but the issue persist

"microsoft.graph.riskDetection",

},
"riskDetection": {
"properties": {
"createdDateTime": {
"type": "Date"

}

},

Thanks in advance

tomas....@wazuh.com

unread,

Sep 18, 2024, 4:17:58 PM9/18/24

to Wazuh | Mailing List

Hi Leon,

That error is probably because the events you are collecting with the ms-graph integration do not have that field.

Could you share the configuration you are using, especially the ms-graph block?

Please hide all sensitive information.

Also, if you have an example event, it will also be helpful in troubleshooting this issue.

Best regards

Tomás Turina

leon appel

unread,

Sep 19, 2024, 11:34:33 AM9/19/24

to Wazuh | Mailing List

Hi Tomas

I have updated the template with the following and I will be able to confirm tomorrow if that resolved the issue once the new index get created

"microsoft.graph.riskDetection",

},
"riskDetection": {
"properties": {

"detectedDateTime": {
"type": "Date"
}

}

},

Thank you

Reply all

Reply to author

Forward