Description
Integration Name
Microsoft M365 Defender [m365_defender]
Dataset Name
m365_defender.alert
Integration Version
Latest
Agent Version
Latest
Agent Output Type
elasticsearch
Elasticsearch Version
Latest
OS Version and Architecture
Latest
Software/API Version
No response
Error Message
None
Event Original
irrelevant
What did you do?
Use the integration
What did you see?
unknown field values
What did you expect to see?
field values
Anything else?
The Alerts integration has no option to specify the following header. Maybe this can be a toggle option for people that want to use it, but it's very useful.
Prefer: include-unknown-enum-members
https://learn.microsoft.com/en-us/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations
Without this we can't get the following values - https://learn.microsoft.com/en-us/graph/api/resources/security-alert?view=graph-rest-1.0#:~:text=Prefer%3A%20include%2Dunknown,microsoftDefenderThreatIntelligenceAnalytics%2C%20builtInMl, which are very useful.
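The opt-in header requested above, with a check for alerts whose enum fields fell back to the sentinel value, as an added example that is not part of the original issue or the integration's code. It assumes the Graph `alerts_v2` endpoint and the `detectionSource` and `serviceSource` alert fields; the sample alerts are constructed, and the function names are hypothetical.

```python
import urllib.request

ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts_v2"  # assumed endpoint
SENTINEL = "unknownFutureValue"  # returned for enum members the client did not opt in to


def build_alerts_request(token, include_unknown_enum_members=True):
    """Build (without sending) the alerts request; the Prefer header is the opt-in."""
    req = urllib.request.Request(ALERTS_URL, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    if include_unknown_enum_members:
        req.add_header("Prefer", "include-unknown-enum-members")
    return req


def collapsed_fields(node, path=""):
    """Return the dotted paths of all fields whose value is the sentinel."""
    if node == SENTINEL:
        return [path]
    if isinstance(node, dict):
        children = node.items()
    elif isinstance(node, list):
        children = enumerate(node)
    else:
        return []
    hits = []
    for key, value in children:
        hits += collapsed_fields(value, f"{path}.{key}" if path else str(key))
    return hits


def audit(alerts):
    """Map alert id -> collapsed field paths, for alerts that lost information."""
    report = {}
    for alert in alerts:
        paths = collapsed_fields(alert)
        if paths:
            report[alert.get("id", "<no id>")] = paths
    return report


# Constructed sample alerts (not real Graph output): one alert fetched without and with the header.
WITHOUT_HEADER = [{"id": "constructed-1", "serviceSource": "microsoftDefenderForEndpoint",
                   "detectionSource": "unknownFutureValue"}]
WITH_HEADER = [{"id": "constructed-1", "serviceSource": "microsoftDefenderForEndpoint",
                "detectionSource": "builtInMl"}]

if __name__ == "__main__":
    print(build_alerts_request("PLACEHOLDER_TOKEN").header_items())
    print(audit(WITHOUT_HEADER), audit(WITH_HEADER))
```

Running `audit` over already-ingested alerts shows how many detections currently carry no usable source attribution, which is the gap the header closes.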