Forum Discussion

leoszalkowski's avatar
leoszalkowski
Brass Contributor
Jun 11, 2020

Microsoft Graph API missing data

I'm using the Graph API to try to query the incidents in Sentinel, however not all of the data is populating properly.   The data that is especially useful for the purpose of this API call is the f...
GaryBushey's avatar
GaryBushey
Bronze Contributor
Jun 12, 2020

leoszalkowski A couple of things

1) The Microsoft Graph API only returns alerts, not incidents.  I have been looking into the same issue when using the ServiceNow Graph API connector.

2) Cannot go into much detail but your question may be moot very soon

CliveWatson's avatar
CliveWatson
Former Employee
Jun 12, 2020

GaryBushey 

leoszalkowski 

 

If you are happy to use an api you can use the Azure Sentinel api (preview), like I show here (I use a Workbook but you can use your preferred tool): https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workbook/ba-p/1386436 and as Gary alludes to, things are planned for Incidents - more news soon  

Direct link to latest version: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/api%20test%20v1.4.2.workbook which allows you to filter to see Comments, Bookmarks are in a seperate api.

 

  • leoszalkowski's avatar
    leoszalkowski
    Brass Contributor
    Jun 15, 2020

    CliveWatson GaryBushey 

     

    Awesome, thanks for the information guys! I'll test this out this week and see how it performs. 

     

    Can't wait to hear the news.

Resources