I have the Microsoft Graph alert source setup but I am not seeing alerts from a specific source.
You will want to check Ignored alert sources within the "Microsoft Graph" to confirm if any alert sources are set to be ignored.
To update this, go to the Alert Sources page in Red Canary and select the Microsoft Graph alert source. Click the blue "View Configuration" button on the top right of the page to show the below window.
Remove the checkmark for a specific alert source to stop suppressing these alerts from coming into Red Canary. Select the "close" button that the bottom of the screen to save this change.
Note: Prerequisites may apply for certain Microsoft specific alert sources.
- For Defender for Identity or Azure Active Directory Identity Protection, see Integrating Defender for Identity and Azure AD Identity Protection Alerts.
- For Microsoft Cloud App Security (MCAS), see Microsoft Cloud App Security overview.
- For Office 365 Security and Compliance Center, see Security & Compliance Center.