SentinelNoob-4281 asked

Missing indicators from Graph Security API submission

Hi Community,

Using the Graph Security API, I submitted 1.9 million unique network IP indicators to my Sentinel workspace with concurrent threads. I verified the count via responses from the API. However, Sentinel only shows the ingestion of roughly 1.2 million unique indicators after much delay.

What happened to the rest? Did the API drop them somehow? If it did, wouldn't the response tell me so?
Is there a limit on ingestion that I've not noticed?

Any help is much appreciated!

microsoft-sentinel microsoft-graph-security

@SentinelNoob-4281
Thank you for your post! To better help answer your questions, would you be able to share the specific Graph API call that you used when submitting 1.9 million unique network IP indicators?


Any additional information such as what API you used to count the responses would be greatly appreciated.
Thank you for your time and patience throughout this issue.


Yes, the API URL is https://graph.microsoft.com/beta/security/tiindicators/submitTiIndicators
When the call to the API is successful, it returns the same data that was submitted. I logged the response and counted the number of indicators in the response.


1 Answer

Deva-MSFT answered

As you're getting a good amount of data, I am not sure whether you tried pagination (check the constraints section & workaround)?
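An added example, not part of the thread and not Microsoft's code: one way to reconcile the indicators echoed back by the submit calls against what a paged read of the workspace returns, so the gap can be listed value by value instead of compared as two totals. It assumes each logged response and each list page is a JSON object with a `value` array, that IP indicators carry `networkIPv4` or `networkIPv6`, and that list results page through `@odata.nextLink`; the page keys and addresses are constructed sample data and `fetch` is a hypothetical callable standing in for the authenticated GET.

```python
IP_FIELDS = ("networkIPv4", "networkIPv6")  # assumed fields holding the address

def indicator_key(ind):
    """Return the normalised IP of one indicator, or None if it has none."""
    for field in IP_FIELDS:
        value = ind.get(field)
        if value:
            return value.strip().lower()
    return None

def collect_paged(fetch, first_url):
    """Follow @odata.nextLink until exhausted; return the unique indicator keys."""
    seen, visited, url = set(), set(), first_url
    while url:
        if url in visited:  # guard against a paging loop
            raise RuntimeError("nextLink repeated: " + url)
        visited.add(url)
        page = fetch(url)
        seen.update(k for k in map(indicator_key, page.get("value", [])) if k)
        url = page.get("@odata.nextLink")
    return seen

def reconcile(submit_responses, fetch, list_url):
    """Compare indicators echoed by the submit calls with those read back."""
    echoed_total, echoed = 0, set()
    for resp in submit_responses:
        for ind in resp.get("value", []):
            echoed_total += 1  # raw count, as summed from logged responses
            key = indicator_key(ind)
            if key:
                echoed.add(key)
    stored = collect_paged(fetch, list_url)
    return {"echoed_total": echoed_total, "echoed_unique": len(echoed),
            "stored_unique": len(stored), "missing": sorted(echoed - stored)}

# Constructed sample data: three logged submit responses (the second repeats
# 192.0.2.2, as a retried batch would) and two pages of read-back results.
SUBMIT_RESPONSES = [
    {"value": [{"networkIPv4": "192.0.2.1"}, {"networkIPv4": "192.0.2.2"}]},
    {"value": [{"networkIPv4": "192.0.2.2"}, {"networkIPv4": "198.51.100.7"}]},
    {"value": [{"networkIPv6": "2001:DB8::1"}]},
]
PAGES = {
    "page-1": {"value": [{"networkIPv4": "192.0.2.1"}, {"networkIPv4": "192.0.2.2"}],
               "@odata.nextLink": "page-2"},
    "page-2": {"value": [{"networkIPv6": "2001:db8::1"}]},
}

if __name__ == "__main__":
    print(reconcile(SUBMIT_RESPONSES, PAGES.__getitem__, "page-1"))
```

A raw count summed across responses can exceed the unique count when batches overlap, and a read that stops at the first page undercounts what is stored; the `missing` list shows which values are actually absent.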

