Microsoft Graph

Microsoft Graph is a Universal Rest API based log source template that enables you to fetch and analyze logs from Microsoft Graph.

Release Details

Version: v5.3.2

Release date: May 15, 2026

Supported On: Logpoint v7.9.0 and later, Universal REST API Fetcher v3.6.0

SHA 256: 084288643bc7b101c840883858269508b38466f57a41770c8242129ea1d4fbfa

Microsoft Graph User Guide

Download

Package Details

Microsoft Graph API consists of the following components:

Universal REST API Fetcher
- MicrosoftGraphFetcher
Compiled Normalizer
- MicrosoftGraphCompiledNormalizer
Search Templates
- Entra ID Identity Protection
- Defender XDR Security
Dashboards
- LP_DEFENDER XDR ALERTS
- LP_DEFENDER XDR INCIDENTS
- LP_ENTRA ID IDENTITY PROTECTION
Alerts
- LP_Microsoft Defender XDR - High Severity Alert
- LP_Microsoft Defender XDR - Host Generating Multiple Alerts
- LP_Microsoft Defender XDR - Multiple Alerts Involving Same User
- LP_Microsoft EntraID - User at Risk
- LP_Potentially Unwanted Software Detected
Report Template
- Entra ID Audit Activity Monitoring

Enhancements

PLUG-16434

Enhanced normalization for Microsoft Graph directory audit logs by extracting key fields from targetResources and additionalDetails at ingestion time for Role Management and Application Management events:

user_agent, source_address
resource_id, resource_display_name, resource_upn, resource_type, resource_group_type
Modified property values: application_address, display_name, publisher_domain, service_principal_name, is_account_enabled

This removes the need for runtime JSON parsing, improving alert and dashboard performance, and requires no configuration changes after upgrade.

PLUG-13141

Added time-based filtering to Microsoft Graph API requests, fetching only logs generated since the last collection cycle. This reduces API response sizes and prevents token expiration and rate-limiting errors in high-volume environments.

Bug Fixes

PLUG-16653

The log_ts field in Microsoft Graph normalized logs was mapped to lastUpdatedDateTime rather than the actual event occurrence time, causing alerts and incidents to appear in incorrect time buckets.

PLUG-16526

The Microsoft Graph log source template was missing the Pagination Key for alerts_v2 and had an incorrect date format for riskDetections, causing log ingestion issues.

PLUG-15694

The log_ts field in Microsoft Graph normalized logs was mapped to the log collection time rather than the createdDateTime value from the source log, resulting in inaccurate event timestamps.

Past Releases

Microsoft Graph v5.3.1 ▾

Version: 5.3.1

Release date: May 08, 2025

Supported On: Logpoint v7.4.0 and later

SHA 256: 26e193e8edd83245fb9b3290f397c9e544d76519b9fbf531ec9714217692fbb9

Download

Bug Fix

PLUG-15724

MicrosoftGraph Compiled Normalizer didn't normalize logs forwarded via Syslog Forwarder, resulting in missed logs and alerts.

Microsoft Graph v5.3.0 ▾

Version: 5.3.0

Release date: October 30, 2024

Supported On: Logpoint v7.4.0 or later

SHA 256: 58e1ca2452ad0bfdfeb38fbb99793be62812b257d0ee790e08e4fb1c75253d22

Download

Enhancement

PLUG-12017

MicrosoftGraphCompiledNormalizer is updated to map the following Microsoft Graph fields to the Logpoint fields.

accountName to account
domainName to domain
userSid to user_sid
fileName to file
filePath to file_path
ipAddress to source_address

Microsoft Graph v5.2.0 ▾

Version: 5.2.0

Release date: July 17, 2024

Supported On: Logpoint v7.4.0 or later

SHA 256: 0c4dfce688a97b44acc1321f8f367e56000628702d165811df29b16e3e2c2ba8

Download

Enhancements

KB-25090

Microsoft Graph now includes two new endpoints:

auditLogs/directoryaudits
auditLogs/signIns

for collecting logs from Microsoft Entra ID, previously Azure Active Directory.

To learn more, go to Microsoft Graph.

KB-25090, KB-24409, KB-23895, KB-24519

Microsoft Graph now includes Dashboards, Search Templates, Alerts, and a Report Template, providing deeper insights into Microsoft Graph activities and security events.

To learn more, go to Microsoft Graph Analytics.

Support

If you have any questions or require assistance, create a support ticket.

Microsoft Graph

Release Details

Package Details

Enhancements

Bug Fixes

Past Releases

Bug Fix

Enhancement

Enhancements

Support

Comments

Related articles