haimmag
Copper Contributor
Jun 20, 2020
graph api query sentinel CEF log
Hi team, 1. I have CEF (Common Event Format) logs I collected in Azure Sentinel; I want to query CEF logs from graph.microsoft.com or Graph Security API. 2. How can we create an alert on every CEF ...
Ofer_Shezaf
Microsoft
Jun 22, 2020
1. As GaryBushey writes: you cannot retrieve workspace data using the Graph Security API. For API access to the workspace data see the Log Analytics query API (more data on Sentinel APIs here).
2. We are going to shortly release a feature that will make it possible to generate an alert per rule result, addressing your "alert for every CEF event" requirement.
~ Ofer
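An added example, not part of the reply above: a minimal Python client for the Log Analytics query API that the answer points to, which builds the query request and flattens the API's tables/columns/rows response into one record per CEF event. Assumptions: CEF events are read from the `CommonSecurityLog` table, the workspace ID and bearer token are placeholders you supply, and the sample response is constructed for illustration.

```python
import json
import urllib.request

API_ROOT = "https://api.loganalytics.io/v1/workspaces"
# KQL over the table that holds CEF events (assumed: CommonSecurityLog).
CEF_QUERY = (
    "CommonSecurityLog | where TimeGenerated > ago(1h)"
    " | project TimeGenerated, DeviceVendor, Activity, SourceIP"
)

def build_query_request(workspace_id, bearer_token, kql=CEF_QUERY):
    """Build (without sending) the POST request for a workspace query."""
    return urllib.request.Request(
        f"{API_ROOT}/{workspace_id}/query",
        data=json.dumps({"query": kql}).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"},
    )

def rows_as_dicts(response_json):
    """Flatten the tables/columns/rows layout into one dict per event."""
    events = []
    for table in response_json.get("tables", []):
        names = [col["name"] for col in table["columns"]]
        for row in table["rows"]:
            if len(row) != len(names):
                raise ValueError("row width does not match column list")
            events.append(dict(zip(names, row)))
    return events

def run_query(workspace_id, bearer_token, kql=CEF_QUERY):
    """Send the query and return events; needs network and a valid token."""
    req = build_query_request(workspace_id, bearer_token, kql)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return rows_as_dicts(json.load(resp))

# Constructed sample response in the API's shape (not real data).
SAMPLE_RESPONSE = {"tables": [{
    "name": "PrimaryResult",
    "columns": [{"name": n, "type": t} for n, t in [
        ("TimeGenerated", "datetime"), ("DeviceVendor", "string"),
        ("Activity", "string"), ("SourceIP", "string")]],
    "rows": [
        ["2020-06-22T08:00:01Z", "ExampleVendor", "Deny", "203.0.113.10"],
        ["2020-06-22T08:00:05Z", "ExampleVendor", "Allow", "198.51.100.7"],
    ],
}]}
```

Calling `rows_as_dicts(SAMPLE_RESPONSE)` shows the parsed shape offline; `run_query` is the only function that touches the network.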