Forum Discussion
API for Sentinel Alerts and Cases
Is there any update on when this might be available?
Thanks,
Steven
MicrosoftThe new incidents API should be published by the end of the month
kobiga Is there any update yet? I can't find the Incidents API.
SanderWannet the Azure Sentinel API is in preview and examples can be found here: https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples
To query for incidents you can make a get request to:https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.operationalinsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/?api-version=2019-01-01-preview- kobiga
Sentinel incidents API is available in preview version and included in Sentinel's API swagger spec - https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights
The stable version of the API will be released in about 2-3 weeks and should basically be the same as the preview version
kobiga Thanks for you fast reply. I found indeed the /incidents/* actions in the preview version but didn't see them n the stable version (2020-01-01) right now. Can you conform they will be added in the following 2-3 weeks?
wadstromdev: Thanks for you example. Did some successful testing with it! I hope the /incidents/* actions will be added in the stable (2020-01-01) because they are now only available inn the preview version..
