Forum Discussion

Microsoft

Nov 11, 2020

What's New: Tags column is now available in Azure Sentinel incidents page!

Hello everyone, We are happy to share with you a small but important improvement we added to our incidents blade – a new tag column is now available as part of the Incidents list! Tags are...

what's new

Clive_Watson

Bronze Contributor

Feb 07, 2023

Labels == Tags

SecurityIncident
| extend Tags = parse_json(Labels)
| extend labelName_ = tostring(Tags[0].labelName)
| where isnotempty(labelName_)

Patclementine

Copper Contributor

Jan 17, 2024

Clive_Watson

Hi Clive

I was reading though the documentation on how to create a Sentinel Incident with API but unfortunately I am not able to add labels/tags while creating a Sentinel Incident Manually with API Payload

any suggestions I could try?

GBushey
Former Employee
Jan 17, 2024
They are referred to as "labels" in the REST API documentation. I have an example with them in my Sentinel development EBook: https://garybushey.com/2023/11/27/programming-book-version-1-0-finally-ready/
- Patclementine
  Copper Contributor
  Jan 17, 2024
  GBushey
  Hello
  thank you for the link I tried that and I am receiving some error like below:
  
  Bad Request: Error converting value [] to type Microsoft.Azure.Sentinel.CasesArmApi.Controllers.Stable.Version_2020_01_01.IncidentLabelArmModel
  
  P.S. I am using the 2023 api version
  
  not sure what is the reason as I have my code in Python
  - GBushey
    Former Employee
    Jan 17, 2024
    Not sure how to make Python create a JSON array of labels, but does each entry you create have a "labelName" and "labelType"?