Sentinel: IPCustomEntity missing from Graph security alerts

GaryBushey: thanks for your response. This information is not in the Sentinel REST API:

{"title":"CEF test","description":"","severity":"Medium","status":"New","labels":[],"endTimeUtc":"2020-01-31T10:06:18.027Z","startTimeUtc":"2020-01-31T09:27:14.243Z","owner":{"objectId":null,"email":null,"name":null},"lastUpdatedTimeUtc":"2020-02-03T12:50:03Z","createdTimeUtc":"2020-02-03T12:50:03.9258785Z","relatedAlertIds":["..."],"relatedAlertProductNames":["Azure Sentinel"],"caseNumber":6171,"totalComments":0,"metrics":{"SecurityAlert":1},"firstAlertTimeGenerated":"2020-02-03T12:50:03.0676935Z","lastAlertTimeGenerated":"2020-02-03T12:50:03.0676935Z"}},{"id":"/subscriptions/.../resourceGroups/.../providers/Microsoft.OperationalInsights/workspaces/.../providers/Microsoft.SecurityInsights/Cases/...","name":"...","etag":"\\"...\\"","type":"Microsoft.SecurityInsights/Cases","properties":{"title":"CEF test","description":"","severity":"Medium","status":"New","labels":[],"endTimeUtc":"2020-01-31T10:06:18.027Z","startTimeUtc":"2020-01-31T09:27:14.243Z","owner":{"objectId":null,"email":null,"name":null},"lastUpdatedTimeUtc":"2020-02-03T12:49:53Z","createdTimeUtc":"2020-02-03T12:49:53.5068612Z","relatedAlertIds":["..."],"relatedAlertProductNames":["Azure Sentinel"],"caseNumber":6170,"totalComments":0,"metrics":{"SecurityAlert":1},"firstAlertTimeGenerated":"2020-02-03T12:49:52.6768191Z","lastAlertTimeGenerated":"2020-02-03T12:49:52.6768191Z"}}

I was able to get the entities by performing a query against the log analytics API but this is not ideal:

SecurityAlert | where SystemAlertId == '" + systemalertid + "' | project Entities

Another thing I tried is to send logs in CEF format to sentinel. The information then shows up in CommonSecurityLog (and I could then query it like above) but not in the Sentinel REST API.

Any idea why?