Forum Discussion
Solved
Azure Sentinel REST API create incident
Trying to create a new incident using https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/createorupdate 'Tryit' from the above page does not work for Create Incident. The List ...
baddeacs In addition to what Sarah_Young wrote about the ID (which should actually be a GUID), the default body listed is not correct. I had to modify it to look like:
{ properties: { severity: "High", status: "New", title: "Example Title" } }
Sarah_Young
Microsoft
Microsoftbaddeacs you can put any incident number you like, as long as it hasn't been used in the workspace previously. You do need to input an incident number, otherwise the PUT will fail.