Unexpected results when filtering security alerts by createdDateTime

Question

I'm seeing some unexpected behavior from the Microsoft Graph Security Alerts APIin the Graph API.

When filtering by createdDateTime, when no results are expected, it is returning results for today instead of an empty array (as expected).

/beta/security/alerts?$filter=createdDateTime ge 2020-07-26T18:09:31Z

If the filter is changed to eventDateTime, the expected empty array is returned:

/beta/security/alerts?$filter=eventDateTime ge 2020-07-26T18:09:31Z

I'm seeing this on multiple accounts, but not in the Graph API Explorer. This happens in the beta as well as v1.0 API.

score 0 · Answer 1 · answered Aug 27 '19 at 21:57

0

Please reach out to us at graphsecfeedback_at_microsoft_dot_com with your tenant ID and json alerts seen for the createdDateTime filter query so that we can investigate further.

answered Aug 27 '19 at 21:57

Meketrefe

11
3

Unexpected results when filtering security alerts by createdDateTime

1 Answers1