How to export Incident list from Azure Sentinel?

Question

Hi Team,&nbsp;We have a requirement to export all incidents generated in Azure Sentinel and update customer with the incident which were false positives, true positives, etc.&nbsp;How can we achieve this? I didn't find any option to export incidents in the console.&nbsp;Please help.&nbsp;Regards,Mitesh Agrawal

garybushey · Answer

MiteshAgrawal&nbsp;You are correct that you cannot do this via the console.&nbsp; You can however make some PowerShell calls to get this information.&nbsp;I have a blog post that tells you how to do this:&nbsp;https://www.garybushey.com/2020/01/11/your-first-azure-sentinel-rest-api-call/&nbsp;I also have on that shows you how to export the same data into PowerBI to make some nice charts and graphs:&nbsp;https://www.garybushey.com/2020/01/20/azure-sentinel-incidents-in-powerbi/

miteshagrawal · Answer

Hi GaryBushey&nbsp;,&nbsp;The links aren't accessible. Please help.Regards,Mitesh Agrawal

garybushey · Answer

MiteshAgrawal&nbsp; Looks like my server is down.&nbsp; I'll see about getting it back up.&nbsp; Thanks for letting me know&nbsp;

Forum Discussion

How to export Incident list from Azure Sentinel?

3 Replies

Resources