From d8c6a8386ee05f1b633f2bc294073fbdd2f58645 Mon Sep 17 00:00:00 2001
From: Corissa Lea Koopmans <33907780+Corissalea@users.noreply.github.com>
Date: Tue, 28 Jan 2025 23:03:23 -0600
Subject: [PATCH] Update riskdetection.md with missing RiskEventTypes (V1.0)

added missing RiskEventType strings
---
 api-reference/v1.0/resources/riskdetection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api-reference/v1.0/resources/riskdetection.md b/api-reference/v1.0/resources/riskdetection.md
index 0d74a442d79..d0360bc2105 100644
--- a/api-reference/v1.0/resources/riskdetection.md
+++ b/api-reference/v1.0/resources/riskdetection.md
@@ -43,7 +43,7 @@ For more information about risk detection, see [Microsoft Entra ID Protection](/
 |location|[signInLocation](../resources/signinlocation.md)|Location of the sign-in.|
 |requestId|String|Request ID of the sign-in associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in.|
 |riskDetail|riskDetail|Details of the detected risk. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userChangedPasswordOnPremises`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `m365DAdminDismissedDetection`. Use the `Prefer: include - unknown -enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `m365DAdminDismissedDetection`.|
-|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousToken`, `anomalousUserActivity`, `anonymizedIPAddress`, `generic`, `impossibleTravel`, `investigationsThreatIntelligence`, `suspiciousSendingPatterns`, `leakedCredentials`, `maliciousIPAddress`,`malwareInfectedIPAddress`, `mcasSuspiciousInboxManipulationRules`, `newCountry`, `passwordSpray`,`riskyIPAddress`, `suspiciousAPITraffic`, `suspiciousBrowser`,`suspiciousInboxForwarding`, `suspiciousIPAddress`, `tokenIssuerAnomaly`, `unfamiliarFeatures`, `unlikelyTravel`. If the risk detection is a premium detection, will show `generic`. <br/>For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
+|riskEventType|String|The type of risk event detected. The possible values are `adminConfirmedUserCompromised`, `anomalousUserActivity`, `anomalousToken`, `anonymizedIPAddress`, `attackerinTheMiddle`, `attemptedPRTAccess`, `generic`, `investigationsThreatIntelligence`, `investigationsThreatIntelligenceSigninLinked`, `leakedCredentials`, `maliciousIPAddress`, `maliciousIPAddressValidCredentialsBlockedIP`, `malwareInfectedIPAddress`, `mcasImpossibleTravel`, `mcasFinSuspiciousFileAccess`, `mcasSuspiciousInboxManipulationRules`, `nationStateIP`, `newCountry`, `passwordSpray`, `riskyIPAddress`, `suspiciousAPITraffic`, `suspiciousBrowser`, `suspiciousInboxForwarding`, `suspiciousIPAddress`, `suspiciousSendingPatterns`, `tokenIssuerAnomaly`, `unfamiliarFeatures`, `unlikelyTravel`, `userReportedSuspiciousActivity`. <br/>For more information about each value, see [Risk types and detection](/entra/id-protection/concept-identity-protection-risks#risk-types-and-detection).|
 |riskLevel|riskLevel|Level of the detected risk. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.|
 |riskState|riskState|The state of a detected risky user or sign-in. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
 |source|String|Source of the risk detection. For example, `activeDirectory`. |