/
Release notes for Microsoft Graph collector
Document toolboxDocument toolbox

Release notes for Microsoft Graph collector

Owned by Laszlo Frazer
Last updated: Apr 04, 2025
4 min read

Release

Released on

Release type

Details

Recommendations

Release

Released on

Release type

Details

Recommendations

v3.1.0

Mar 4, 2025

IMPROVEMENTBUG FIX

Changes

  • Updated DCSDK from 1.13.1 to 1.14.0

Bug fixes

  • Certain errors have the correct level

Recommended version

v3.0.0

Jan 24, 2025

NEW FEATURE

Features

  • Alerts categorisation for alerts_v2 service (not backwards compatible)

  • New optional flatening of alerts_v2 service

  • Add cloud.msgraph.security.alerts_v2_evidence

  • Automatic recovery from API error 400 "Invalid Skiptoken"

Upgrade

v2.1.0

Nov 29, 2024

IMPROVEMENT SECURITY

Changes

  • Upgrade DCSDK to v1.13.1

  • Upgrade Docker image base to version v1.3.1 in Dockerfile

Security

  • Remove vulnerabilities in libexpat1, expat

Upgrade

v2.0.1

Aug 2, 2024

IMPROVEMENTBUG FIX

Improvements

  • Updated DCSDK to 1.12.2 from 1.11.1

Bug Fixing

  • authlib updated to 1.3.1 to solve CVE-2024-37568

Upgrade

v2.0.0

Apr 1, 2024

IMPROVEMENT

Improvements

  • Complete reimplementation of the collector, refactoring all the services

Upgrade

v1.7.1

Oct 18, 2023

NEW FEATUREIMPROVEMENTBUG FIX

New features

  • time_delta_in_days can now be overwritten in the user configuration by override_time_delta_in_days in all the service that are “time-based”. This new parameter cannot be combined with reset_persistence_auth and/or start_time.

Improvements

  • The state is now persisted more frequently for most of the services. This means that, in case of a collector restart, the chances of duplicating data have been reduced considerably, as the collector will continue pulling data from the same point where it was when the collector was stopped.

Bug fixing

  • The collector will get the most recent token available before performing any new request, reducing the possibilities to get a 401 code as a response.

  • The 504 code responses were returned many time; some of them for having asked for too old data. This used to cause a locking state in the collector, as it was not able to continue. Some mechanisms has been added to avoid requiring that old data to the API. Anyway, if a 504 appears now for any other reason, the improvement related to persisting the state frequently makes the collector continue collecting correctly after the service restart.

Upgrade

v1.7.0

 Oct 10, 2023

NEW FEATUREIMPROVEMENTBUG FIX

New features:

  • alerts_v2 service included, keeping old alerts service for compatibility.

  • Compliance for MS 365 GCC High US environments added.

Improvements:

  • Update DCSDK from 1.8.0 to 1.9.2

Bug fixing:

  • The collector now keeps retrieving events when it is up-to-date.

  • Added extra protection to refresh token and avoid 401 status errors.

  • When a 401 status code is received from a response, the collector tries the request again using the access_token available in the collector_variables, instead of raising en Error. This definitely fixes the bug that used to make the collector restart due to 401 errors.

  • A vendor thread termination event has been set, including three different check points in the thread's run method, as a protection against non-terminated vendor threads, causing the alerts service to stop. Some extra logging has also been added to identify the root cause in case this keeps happening.

Upgrade

v1.6.2

Jan 14, 2023

BUG FIXIMPROVEMENT

Improvements:

  • Update DCSDK from 1.6.0 to 1.8.0

Bug fixing:

  • Fix in the service urls: they were not being formatted correctly with the start_time variable, which allows the user to select the date from which they want to collect events.

  • Updated the limits of the API: The limits have been modified with the official values. This fixes throttling issues.

  • Updated the default value of star_time from 61 days in the past to 30, as this is the maximum limit the API allows.

Upgrade

v1.6.0

Aug 2, 2022

NEW FEATURE

New features:

  • The pulling mechanism now uses a sliding window to avoid event loss and duplication.

Improvements:

  • DevoCollectorSDK upgraded to v1.6.0:

    • Added:

      • More log traces related to execution environment details.

      • Global rate limiters functionality.

      • Extra checks for supporting MacOS as development environment.

      • Obfuscation functionality.

    • Changed:

      • Some log traces now are shown less frequently.

      • The default value for the logging frequency for "main" processes has been changed (to 120 seconds).

      • Updated some Python Packages.

      • Controlled stopping functionality more stable when using the "template".

      • Improved some log messages related to Devo certificates (when using the Devo sender).

      • Validate json objects before saving them to persistence (using filesystem).

Upgrade

v1.4.2

Dec 27, 2022

BUG FIX

Fixed bugs:

  • Fixes bug with non-time-based puller state.

Upgrade

v1.4.1

Dec 2, 2022

BUG FIX

Fixed bugs:

  • Fix error with vendor state when checking the reset_persistence_auth parameter.

  • Allow using v2 tags for secure_scores and secure_scores_control_profile tags.

  • Add missing Devo metadata into events.

Upgrade

v1.4.0

Dec 2, 2022

IMPROVEMENT

Improvements:

  • Automatic outdated start_time correction for audit-based services.

    • New “reset persistence” functionality.

Upgrade

v1.3.0

Nov 18, 2022

IMPROVEMENTBUG FIX

Improvements:

  • start_time configuration parameter normalization for audit and provisioning services.

  • Upgraded devocollectorsdk from 1.4.0 to 1.4.4b:

    • Added:

      • New "templates" functionality.

      • New controlled stopping condition when any input thread fatally fails.

      • Log traces for knowing the execution environment status (debug mode).

    • Changed:

      • Improved log trace details when runtime exceptions happen

      • Refactored source code structure

      • Fixes in the current puller template version

      • The Docker container exits with the proper error code

Bug fixing:

  • Correct token validation when a Partial Content response is received.

  • Use appropriate destination tag for provisioning events.

Upgrade

v1.2.0

Aug 2, 2022

NEW FEATURE IMPROVEMENT

New features:

  • New supported sources

    • Sign In (signIn service)

    • Audit (audit service)

    • Provisioning (provisioning service)

  • Previous services modification

    • The new tagging introduced in the previous v1.1.3 release is now customizable through the tag_version service parameter. The default tagging has been reverted to the original one.

    • The alerts source, when setting the tag_version to v2, will try to categorize the events by applying different tags based on the event’s provider.

Improvements:

  • Token validation is now performed against the corresponding endpoint.

Upgrade