IPC Security Alerts userStates data now returning null instead of information
Hello, I've noticed that all new security alerts generated from the IPC provider since 27 September no longer contain full userStates data. Specifically, the accountName, domainName and userPrincipalName are all set to null. The only user identifier that is maintained is the aadUserId. Is anyone else seeing this issue?

I pull alerts with a

    GET /v1.0/security/alerts?$filter=vendorinformation/provider eq 'IPC'

Example snippet of the issue:

New alerts:

    "userStates": [
      {
        "aadUserId": "protecting-the-inno-cent-users",
        "accountName": null,
        "domainName": null,
        "emailRole": "unknown",
        "isVpn": null,
        "logonDateTime": "2022-09-27T20:06:19.5816216Z",
        "logonId": null,
        "logonIp": "127.83.247.216",
        "logonLocation": "Location, PT",
        "logonType": null,
        "onPremisesSecurityIdentifier": null,
        "riskScore": null,
        "userAccountType": null,
        "userPrincipalName": null
      }
    ],

versus an old alert

    "userStates": [
      {
        "aadUserId": "protecting-the-inno-cent-users",
        "accountName": "john.doe",
        "domainName": "example.net",
        "emailRole": "unknown",
        "isVpn": null,
        "logonDateTime": "2022-09-27T18:17:53.5121378Z",
        "logonId": null,
        "logonIp": "127.2.185.40",
        "logonLocation": "Location, CA",
        "logonType": null,
        "onPremisesSecurityIdentifier": null,
        "riskScore": null,
        "userAccountType": null,
        "userPrincipalName": "email address removed for privacy reasons"
      }
    ],

I have a ticket open, but I do not have high hopes of explanation or resolution,
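An added example, not part of the original post: a Python check that scans an alerts response for userStates entries where accountName, domainName and userPrincipalName are all null while aadUserId is still present, so an ingestion pipeline can flag them and key its enrichment on aadUserId. The function names, alert ids and sample values are assumptions constructed for illustration.

```python
import json

# Identity fields the post reports as null in IPC alerts created since 27 September.
IDENTITY_FIELDS = ("accountName", "domainName", "userPrincipalName")

# Constructed sample shaped like a GET /v1.0/security/alerts response body;
# ids and values are placeholders, not real tenant data.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "alert-new", "userStates": [{
            "aadUserId": "00000000-0000-0000-0000-000000000001",
            "accountName": None, "domainName": None, "userPrincipalName": None}]},
        {"id": "alert-old", "userStates": [{
            "aadUserId": "00000000-0000-0000-0000-000000000002",
            "accountName": "john.doe", "domainName": "example.net",
            "userPrincipalName": "john.doe@example.net"}]},
        {"id": "alert-empty", "userStates": []},
    ]
})


def find_degraded_alerts(response_text):
    """Return {alert id: [aadUserId, ...]} for alerts whose userStates entries
    have every identity field null but still carry an aadUserId."""
    degraded = {}
    for alert in json.loads(response_text).get("value", []):
        # userStates may be missing, null or empty; treat all three as no entries.
        for state in alert.get("userStates") or []:
            all_null = all(state.get(f) is None for f in IDENTITY_FIELDS)
            if all_null and state.get("aadUserId"):
                degraded.setdefault(alert.get("id"), []).append(state["aadUserId"])
    return degraded


def users_to_resolve(degraded):
    """Distinct aadUserIds that downstream enrichment has to look up."""
    return sorted({uid for ids in degraded.values() for uid in ids})


if __name__ == "__main__":
    hits = find_degraded_alerts(SAMPLE_RESPONSE)
    for alert_id, ids in hits.items():
        print(f"{alert_id}: identity fields null, aadUserId(s) {ids}")
    print("resolve:", users_to_resolve(hits))
```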