Azure Sentinel API Documentation

Question

Hi Team,&nbsp;We have requirement to integrate azure sentinel with IBM Qradar/IBM Resilient for centralized incident management. I.e. we will send all the incidents generated in azure sentinel to&nbsp;IBM Qradar/IBM Resilient.&nbsp;Do we have Azure Sentinel API's and documentation available ? Please confirm. Tx

gary bushey · Answer

ericjk4&nbsp;I would agree.&nbsp; If there is an API you can call from Sentinel you can use a Logic App to send the data to that API to generate the incident.

ericjk4 · Answer

Hello!You probably check out the Qradar documentation: but other then this way I dont know and if you find a way please let me know!https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_dsm_guide_microsoft_azure_enable_event_hubs.html?cp=SS42VS_7.3.1Thanks!

linuvarghese · Answer

Have you explored the option of using the graph API?

ofer_shezaf · Answer

Pavan_Gelli&nbsp;:&nbsp;
&nbsp;
YanivSh&nbsp;and&nbsp;Alp Babayigit&nbsp;just published a great blog on the topic:&nbsp;
&nbsp;
Sending alerts enriched with supporting events from Azure to 3rd party SIEMs
&nbsp;
~ Ofer

benoit_pasteau · Answer

Ofer_Shezaf&nbsp;Do you have the link to this blog post ?!

Forum Discussion

Azure Sentinel API Documentation

Share

Resources