Forum Discussion
Entities and their related fields
Hi,
Can anyone please help me out with fetching the entities related to an incident? I found one article in which we need to make two calls to achieve this:
1. Get the system alert ID by running the https://management.azure.com/subscriptions/6b1ceacd-5731-4780-8f96-2078dd96fd96/resourceGroups/cxp-azuresecurity/providers/Microsoft.OperationalInsights/workspaces/CxP-AzureSecurityWS/providers/Microsoft.SecurityInsights/Incidents/803f3d58-a406-4953-a1df-953143313a74/relations?api-version=2019-01-01-preview API call.
GET:
https://management.azure.com/subscriptions/6b1ceacd-5731-4780-8f96-2078dd96fd96/resourceGroups/cxp-azuresecurity/providers/Microsoft.OperationalInsights/workspaces/CxP-AzureSecurityWS/providers/Microsoft.SecurityInsights/Incidents/803f3d58-a406-4953-a1df-953143313a74/relations?api-version=2019-01-01-preview
In my example the system alert ID value is located here.
2. Run a POST request to the https://management.azure.com/subscriptions/6b1ceacd-5731-4780-8f96-2078dd96fd96/resourceGroups/cxp-azuresecurity/providers/Microsoft.OperationalInsights/workspaces/CxP-AzureSecurityWS/providers/Microsoft.SecurityInsights/entities/fc4faf6f-03b7-3c57-6892-100a0f960f9d/expand?api-version=2019-01-01-preview API with the system alert ID obtained in the first step,
where the expansionId is constant for getting all entities.
POST:
https://management.azure.com/subscriptions/6b1ceacd-5731-4780-8f96-2078dd96fd96/resourceGroups/cxp-azuresecurity/providers/Microsoft.OperationalInsights/workspaces/CxP-AzureSecurityWS/providers/Microsoft.SecurityInsights/entities/fc4faf6f-03b7-3c57-6892-100a0f960f9d/expand?api-version=2019-01-01-preview
Body:
{
  "expansionId": "98b974fd-cc64-48b8-9bd0-3a209f5b944b"
}
Here my question is: will the steps mentioned above get all the entity info associated with an incident, or do we have to hit different endpoints for different entities?
My second question: is there any endpoint through which we can get the structure of all the entities and their fields? In future the entities will increase, and so will the associated fields. Is there an endpoint in the management APIs through which we can get the whole schema of entities?
Thanks
Avi
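The two-call walk the post describes (GET the incident's relations, pick out the SecurityAlert entity, then POST entities/{id}/expand), as an added example that is not part of the original post and not Microsoft's own code. The HTTP layer is injected so the script runs offline against a constructed stand-in; the response shapes (a relations page with `value[].properties.relatedResourceId/relatedResourceType/relatedResourceKind` plus an optional `nextLink`, and an expand reply with `value.entities`) are assumptions taken from the 2019-01-01-preview schema and should be verified against a live workspace. Every GUID below is constructed except the expansionId, which is the one the post quotes.

```python
"""Added example: incident relations -> SecurityAlert entity -> expand, with an
injected transport so it runs offline. Response shapes and all GUIDs except
EXPANSION are assumptions, not taken from the post."""
from typing import Callable, Dict, List, Optional, Tuple

ARM = "https://management.azure.com"
API_VERSION = "2019-01-01-preview"

# transport(method, url, json_body_or_None, headers) -> (http_status, parsed_json)
Transport = Callable[[str, str, Optional[dict], dict], Tuple[int, dict]]


def workspace_base(sub: str, rg: str, ws: str) -> str:
    return (f"{ARM}/subscriptions/{sub}/resourceGroups/{rg}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{ws}"
            f"/providers/Microsoft.SecurityInsights")


def relations_url(base: str, incident_id: str) -> str:
    return f"{base}/incidents/{incident_id}/relations?api-version={API_VERSION}"


def expand_url(base: str, entity_id: str) -> str:
    return f"{base}/entities/{entity_id}/expand?api-version={API_VERSION}"


def related_entity_ids(page: dict, kind: Optional[str] = None) -> List[str]:
    """Entity GUIDs from one relations page, optionally filtered by relatedResourceKind."""
    ids = []
    for rel in page.get("value", []):
        props = rel.get("properties", {})
        if props.get("relatedResourceType") != "Microsoft.SecurityInsights/entities":
            continue
        if kind is not None and props.get("relatedResourceKind") != kind:
            continue
        # The entity GUID is the last path segment of the ARM resource id.
        ids.append(props.get("relatedResourceId", "").rsplit("/", 1)[-1])
    return ids


def fetch_incident_entities(transport: Transport, token: str, sub: str, rg: str, ws: str,
                            incident_id: str, expansion_id: str) -> Dict[str, list]:
    """Step 1: list relations (following nextLink). Step 2: expand each SecurityAlert entity.
    Returns {alert_entity_id: [expanded entities]}."""
    base = workspace_base(sub, rg, ws)
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    alert_ids: List[str] = []
    url: Optional[str] = relations_url(base, incident_id)
    while url:  # ARM list calls page; a missing nextLink ends the loop
        status, page = transport("GET", url, None, headers)
        if status != 200:
            raise RuntimeError(f"relations call failed: {status} {page}")
        alert_ids.extend(related_entity_ids(page, kind="SecurityAlert"))
        url = page.get("nextLink")
    out: Dict[str, list] = {}
    for alert_id in alert_ids:
        status, body = transport("POST", expand_url(base, alert_id),
                                 {"expansionId": expansion_id}, headers)
        if status != 200:
            raise RuntimeError(f"expand call failed for {alert_id}: {status} {body}")
        out[alert_id] = body.get("value", {}).get("entities", [])
    return out


# ---- constructed offline stand-in for the ARM endpoint (not real data) ----
SUB = "00000000-0000-0000-0000-000000000000"
RG, WS = "rg-example", "ws-example"
INCIDENT = "11111111-1111-1111-1111-111111111111"
ALERT_ENTITY = "22222222-2222-2222-2222-222222222222"
HOST_ENTITY = "33333333-3333-3333-3333-333333333333"
EXPANSION = "98b974fd-cc64-48b8-9bd0-3a209f5b944b"  # the expansionId quoted in the post


def _relation(entity_id: str, kind: str) -> dict:
    arm_path = workspace_base(SUB, RG, WS)[len(ARM):] + f"/entities/{entity_id}"
    return {"properties": {"relatedResourceId": arm_path, "relatedResourceName": entity_id,
                           "relatedResourceType": "Microsoft.SecurityInsights/entities",
                           "relatedResourceKind": kind}}


def fake_transport(method: str, url: str, body: Optional[dict], headers: dict) -> Tuple[int, dict]:
    """Canned responses: a two-page relations list and one expand reply."""
    base = workspace_base(SUB, RG, WS)
    page1 = relations_url(base, INCIDENT)
    page2 = page1 + "&$skipToken=constructed"  # constructed continuation link
    if (method, url) == ("GET", page1):
        return 200, {"value": [_relation(HOST_ENTITY, "Host")], "nextLink": page2}
    if (method, url) == ("GET", page2):
        return 200, {"value": [_relation(ALERT_ENTITY, "SecurityAlert")]}
    if (method, url, body) == ("POST", expand_url(base, ALERT_ENTITY), {"expansionId": EXPANSION}):
        return 200, {"value": {"entities": [{"id": HOST_ENTITY, "kind": "Host",
                                             "properties": {"hostName": "ws01"}}],
                               "edges": []}}
    return 404, {"error": {"code": "NotFound", "message": url}}


def demo() -> Dict[str, list]:
    return fetch_incident_entities(fake_transport, "fake-token", SUB, RG, WS, INCIDENT, EXPANSION)


if __name__ == "__main__":
    print(demo())
```

Against a real workspace, replace `fake_transport` with a thin wrapper around `requests` (send `method`, `url`, `json=body`, `headers`; return `(r.status_code, r.json())`) and pass a token for the `https://management.azure.com` resource, for example from `az account get-access-token --resource https://management.azure.com`. Two points the post's two-step recipe leaves implicit: the relations list is paged, so follow `nextLink` rather than reading only the first page, and only relations whose `relatedResourceKind` is `SecurityAlert` are expanded here; call `related_entity_ids(page)` with `kind=None` to see every entity the relations call already returns before deciding whether the expand step is needed at all.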