Forum Discussion
Evidence and entities for a REST API created incident
baddeacs I see the same thing. It may be due to there not being any alerts associated with the incident.
- baddeacs, Dec 16, 2020 (Copper Contributor)
GaryBushey Thanks, good thought. We don't see a way to provide this information via Sentinel API. Separate question - Are product names configurable? Only MSFT products in the product name list.
- GaryBushey, Dec 17, 2020 (Bronze Contributor)
baddeacs There is a field for the product name but it is hidden a bit down (in the IncidentAdditionalData) and is read-only so you will not be able to set it yourself (which makes sense). I also don't see how to set the alert ID(s) when creating the Incident.
Not sure what your use case is but you may be better off creating an entry in a custom table that has the information you need and then creating an analytics rule that looks at that custom table to let Azure Sentinel create the Incident.