Forum Discussion
prashanth419
Oct 11, 2023, Copper Contributor
Unable to parse entities from Sentinel incident.
Hello team, I am trying to design a playbook to parse Sentinel incident data and send the required fields to a Log Analytics workspace. Can you help me get only the kind and friendly name fields fr...
rutgersmeets
Oct 15, 2023, Brass Contributor
Hello,
I would suggest calling https://learn.microsoft.com/en-us/rest/api/securityinsights/preview/incidents/list-entities?tabs=HTTP from the Logic App.
Since there is no built-in support in the Sentinel connector in Logic Apps, you will need to use the HTTP connector to send the request. This will return an array of Entity objects that are related to the incident, which you could then parse as needed.
Let me know if you need help with this.
Best regards,
Rutger
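The request and parsing step described in the reply above, as an added example that is not part of the original posts: it builds the List Entities URL and reduces the response to `kind` and `friendlyName` records for a Log Analytics workspace. The function names, the output column names, the `<api-version>` placeholder and the sample response are assumptions; the response shape (an `entities` array whose items carry `kind` and `properties.friendlyName`) follows the linked API reference.

```python
import json
from urllib.parse import quote

# Constructed sample shaped like a List Entities response (all values made up).
SAMPLE_RESPONSE = json.loads("""
{
  "entities": [
    {"name": "constructed-1", "kind": "Account",
     "properties": {"friendlyName": "administrator", "accountName": "administrator"}},
    {"name": "constructed-2", "kind": "Host",
     "properties": {"friendlyName": "web01", "hostName": "web01"}},
    {"name": "constructed-3", "kind": "Ip",
     "properties": {"address": "203.0.113.7"}}
  ],
  "metaData": [{"entityKind": "Account", "count": 1}]
}
""")

def entities_url(subscription_id, resource_group, workspace, incident_id, api_version):
    """URL for the POST request the HTTP action sends (hypothetical helper).
    api_version must be taken from the linked API reference."""
    path = "/".join([
        "subscriptions", quote(subscription_id, safe=""),
        "resourceGroups", quote(resource_group, safe=""),
        "providers/Microsoft.OperationalInsights/workspaces", quote(workspace, safe=""),
        "providers/Microsoft.SecurityInsights/incidents", quote(incident_id, safe=""),
        "entities",
    ])
    return f"https://management.azure.com/{path}?api-version={quote(api_version, safe='')}"

def kind_and_friendly_name(response, incident_id):
    """Return one flat record per entity; tolerate missing or malformed fields."""
    records = []
    for entity in (response or {}).get("entities") or []:
        if not isinstance(entity, dict):
            continue  # skip anything that is not an Entity object
        props = entity.get("properties") or {}
        records.append({
            "IncidentId": incident_id,                  # assumed column names
            "Kind": entity.get("kind", "Unknown"),
            "FriendlyName": props.get("friendlyName"),  # None when absent
        })
    return records

if __name__ == "__main__":
    print(entities_url("<subscription-id>", "<resource-group>", "<workspace>",
                       "<incident-id>", "<api-version>"))
    print(json.dumps(kind_and_friendly_name(SAMPLE_RESPONSE, "<incident-id>"), indent=2))
```

In a Logic App, the same reduction corresponds to a Parse JSON action on the HTTP response followed by a Select action over `entities`.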