Forum Discussion
Query Analytic Rules
Hello There, Is it possible to query analytics rules for their status, last run & scheduled time....? If so, which table to query? Rod_Trent samikroy Thank you, Raju
raju_ninja007 - In addition, there is a workbook available named Log Sources & Analytic Rule Coverage in Sentinel Workbook gallery to view the rule in detail which uses the below API to extract the details
https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/alert-rules/list
And you can leverage SecurityIncident table to get the latest incident created from rule.
https://docs.microsoft.com/en-us/rest/api/securityinsights/stable/alert-rules/list
And you can leverage SecurityIncident table to get the latest incident created from rule.