Vancouver: issues w "Graph Security API Alert Ingestion Integration For Security Operations" plugin?
01-18-2024 11:55 AM - edited 01-19-2024 06:19 AM
We are already working with ServiceNow Support on this. Also posting here to broaden our reach and see if anyone else is having issues with the 10.4.7 version of the "Graph Security API Alert Ingestion Integration For Security Operations" plugin.
We have upgraded our sub-prod instances to Vancouver. We see that the "Graph Security API Alert Ingestion Integration For Security Operations" plugin was automatically upgraded to version 10.4.6 (we later upgraded to 10.4.7 after experiencing this issue). That version of the plugin switched to version 2 of the "Microsoft Graph Security" API. With the upgraded plugin, we are seeing inconsistencies in the alerts that are pulled. It seems we're no longer getting alerts from Microsoft Defender for Cloud (aka, Azure Security Center). Notice this is not Microsoft Defender for Cloud Apps. I point this out because this documentation mentions MS Defender for Cloud Apps but not just Cloud nor Azure Security Center.
One of our security admins used the Microsoft Graph API Python SDK and was able to get alerts from Microsoft Defender for Cloud using v1 of the API. However, when he uses v2 of the API, he gets a 404 “Not Found” ResponseStatusCode.
Is anyone else experiencing this? And if so, do you have any advice on how we should proceed? Again, we already have a case open with SN support but it's moving slowly and we're on a deadline to get our instances upgraded to Vancouver during the month of January. Thanks in advance.
Susan Williams, Lexmark
Labels: Security Operations
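One way to check for the ingestion gap described in the post above, as an added example that is not part of the original post or the plugin's code: tally alerts per source product in a legacy `/security/alerts` response and an `/security/alerts_v2` response, then list the legacy providers that have no counterpart in v2. It assumes the post's "v1" and "v2" refer to those two endpoints; the provider mapping and the sample payloads are constructed for illustration and should be verified against Microsoft's documentation.

```python
from collections import Counter

# Assumed mapping from legacy `vendorInformation.provider` values to
# alerts_v2 `serviceSource` values (not taken from the post).
PROVIDER_TO_SERVICE_SOURCE = {
    "ASC": "microsoftDefenderForCloud",       # Azure Security Center
    "MCAS": "microsoftDefenderForCloudApps",  # Defender for Cloud Apps
}

# Constructed sample response bodies, trimmed to the fields used here.
LEGACY_SAMPLE = {"value": [
    {"id": "a1", "vendorInformation": {"provider": "ASC"}},
    {"id": "a2", "vendorInformation": {"provider": "ASC"}},
    {"id": "a3", "vendorInformation": {"provider": "MCAS"}},
]}
V2_SAMPLE = {"value": [
    {"id": "b1", "serviceSource": "microsoftDefenderForCloudApps"},
]}

def legacy_sources(response):
    """Count alerts per provider in a legacy alerts response body."""
    return Counter(
        (alert.get("vendorInformation") or {}).get("provider", "unknown")
        for alert in response.get("value", [])
    )

def v2_sources(response):
    """Count alerts per serviceSource in an alerts_v2 response body."""
    return Counter(
        alert.get("serviceSource", "unknown")
        for alert in response.get("value", [])
    )

def coverage_gaps(legacy_response, v2_response, mapping=PROVIDER_TO_SERVICE_SOURCE):
    """Return {legacy provider: alert count} for providers that produced
    legacy alerts but have no alerts under the mapped v2 serviceSource.
    Providers missing from the mapping are reported too, for manual review."""
    v2 = v2_sources(v2_response)
    gaps = {}
    for provider, count in legacy_sources(legacy_response).items():
        mapped = mapping.get(provider)
        if mapped is None or v2.get(mapped, 0) == 0:
            gaps[provider] = count
    return gaps

if __name__ == "__main__":
    print(coverage_gaps(LEGACY_SAMPLE, V2_SAMPLE))
```

Run it over responses captured for the same time window from both endpoints; a non-empty result names the products whose alerts stop arriving once ingestion moves to v2.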
02-01-2024 12:17 PM
Following up... ServiceNow Support advised us to uninstall then reinstall and reconfigure the 10.4.5 version of the plugin, which we did. We have another case open with Microsoft Support about the security tools that seem not to be supported by v2 of their API. Still awaiting a reply.
Susan Williams, Lexmark
