Forum Discussion
Fetch Azure Sentinel Incidents Via API
- Mar 17, 2020
Hi jojo_the_coder, the currently available APIs to fetch incidents can be found here.
To fetch alerts related to an incident without using the Log Analytics API, you can do that via the Microsoft Graph Security API. Please refer to the documentation: https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#alerts
Below is an example query to get all alerts provided by Azure Sentinel via the Graph Security API. A list of curated sample queries can be found at https://github.com/microsoftgraph/security-api-solutions/tree/master/Queries
https://graph.microsoft.com/v1.0/security/alerts?$filter=vendorInformation/provider eq 'Azure Sentinel'