Microsoft Graph Security API response does not have all info.
The Microsoft Graph Security API aggregates alerts from multiple security providers but does not expose all detailed fields seen in the native Defender tools, especially for DLP alerts. While the API returns alert data including a `fileStates` property, it may not include detailed file path or file name information visible in the Defender portal for DLP alerts. This is because:
- DLP alerts originate from Microsoft Purview DLP policies managed in the Compliance Center, which currently does not fully expose detailed DLP alert data via the Graph Security API.
- The Graph Security API focuses on unified alert metadata and may omit some contextual details that remain only in the native tools.
- For related user activities or detailed file info, advanced hunting queries or other Microsoft 365 Defender APIs might be required instead.
In summary, the missing file path and name in the API response is a known limitation due to the separation of DLP alert management in Purview and the unified but abstracted view the Graph Security API provides. To get full DLP alert details, consider using the Microsoft 365 Compliance Center or advanced hunting queries rather than relying solely on the Graph Security API alert endpoint.
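
Added example (not part of the original post, and not Microsoft's code): a check that flags alerts in a Graph Security API response whose `fileStates` entries lack a file name or path, so those alerts can be looked up in the native tools or advanced hunting instead. The sample response, its ids, titles and provider names are constructed; the function names are hypothetical.

```python
# Constructed sample shaped like a Graph Security API alerts response.
# Every id, title, provider name and file value here is made up.
SAMPLE_RESPONSE = {
    "value": [
        {"id": "constructed-alert-1", "title": "DLP policy match (constructed)",
         "vendorInformation": {"provider": "constructed-dlp-provider"},
         "fileStates": [{"name": None, "path": None}]},
        {"id": "constructed-alert-2", "title": "DLP policy match (constructed)",
         "vendorInformation": {"provider": "constructed-dlp-provider"},
         "fileStates": []},
        {"id": "constructed-alert-3", "title": "DLP policy match (constructed)",
         "vendorInformation": {"provider": "constructed-dlp-provider"},
         "fileStates": [{"name": "report.xlsx", "path": "  "}]},
        {"id": "constructed-alert-4", "title": "Endpoint alert (constructed)",
         "vendorInformation": {"provider": "constructed-endpoint-provider"},
         "fileStates": [{"name": "invoice.docx", "path": "/constructed/docs"}]},
    ]
}


def file_detail_gaps(alert):
    """List what file detail is absent from one alert's fileStates."""
    states = alert.get("fileStates") or []
    if not states:
        return ["no fileStates entries"]
    gaps = []
    for index, state in enumerate(states):
        # Treat null, empty and whitespace-only values as missing.
        missing = [key for key in ("name", "path")
                   if not str(state.get(key) or "").strip()]
        if missing:
            gaps.append(f"fileStates[{index}] missing {', '.join(missing)}")
    return gaps


def alerts_needing_enrichment(response):
    """Map alert id -> gaps, for alerts whose file detail must come from elsewhere."""
    flagged = {}
    for alert in response.get("value", []):
        gaps = file_detail_gaps(alert)
        if gaps:
            flagged[alert.get("id", "<no id>")] = gaps
    return flagged


if __name__ == "__main__":
    for alert_id, gaps in alerts_needing_enrichment(SAMPLE_RESPONSE).items():
        print(alert_id, "->", "; ".join(gaps))
```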