Forum Discussion
stevebennett500 (Copper Contributor)
Aug 10, 2020
Still trying to extract IP addresses from an Alert using the API
Ok so I know this was posted -> https://techcommunity.microsoft.com/t5/azure-sentinel/get-entities-for-a-sentinel-incidient-by-api/m-p/1422643
For the life of me I cannot get this working. Has anyone else successfully used the 'expand' function with a POST request to grab IPs and such like? I can't really find any documentation on this.
I need to try and do this via the API as I essentially want to call this Playbook via a URL as it's being called by another playbook, so I cannot use the normal triggers that would capture all this entity information (like the trigger 'When a response to an Azure Sentinel alert is triggered').
Any ideas?
- GaryBushey (Bronze Contributor)
stevebennett500 I see that you replied to the other posting, leading me to believe that you have solved this issue. Is that correct?
- StephenBennett (Copper Contributor)
Yes, that’s correct. A rookie error that has been sending me nuts for days!
On the plus side we now have Sentinel talking very nicely back and forth with TheHive.