madmvx
May 13, 2021 (Copper Contributor)
Fetch Events of Sentinel incidents via Api
Hello, I need to get the data of the Events related to an Incident of Sentinel, but I don't find any info in the docs about that. I need in specific that 2 events of that incident @...
Chi_Nguyen
May 14, 2021 (Former Employee)
madmvx, you can use the IncidentRelation API to get entities associated with an incident (this is the closest to getting evidence).
Note this API is currently in preview. That's why we don't have documentation about it. However, you can view the API specs here: https://github.com/Azure/azure-rest-api-specs/blob/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json
If you want to get the evidence table, then use Log Analytics, as shoando mentioned above. API: https://dev.loganalytics.io/documentation/Using-the-API
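
Added example, not part of the original thread and not Microsoft's code: a sketch of the Log Analytics route mentioned above, building the query request for one incident's alerts and flattening the API's tables/columns/rows response. The `SecurityIncident` and `SecurityAlert` table and column names are assumed from the standard Sentinel schema, the helper names are hypothetical, and the sample response is constructed.

```python
import json

# Log Analytics query endpoint (see dev.loganalytics.io, linked above).
QUERY_URL = "https://api.loganalytics.io/v1/workspaces/{workspace_id}/query"

def build_query(incident_number):
    """KQL resolving one incident to its alerts (schema names are assumptions)."""
    # Accept only a real integer so nothing else can be spliced into the KQL.
    if isinstance(incident_number, bool) or not isinstance(incident_number, int):
        raise ValueError("incident_number must be an integer")
    return "\n".join([
        "SecurityIncident",
        f"| where IncidentNumber == {incident_number}",
        "| summarize arg_max(TimeGenerated, *) by IncidentNumber",
        "| mv-expand AlertIds to typeof(string)",
        "| join kind=inner (SecurityAlert) on $left.AlertIds == $right.SystemAlertId",
        "| project IncidentNumber, AlertName, SystemAlertId, Entities",
    ])

def build_request(workspace_id, bearer_token, incident_number, timespan="P7D"):
    """Return (url, headers, body) for the POST; sending it is left to the caller."""
    url = QUERY_URL.format(workspace_id=workspace_id)
    headers = {"Authorization": f"Bearer {bearer_token}",
               "Content-Type": "application/json"}
    body = json.dumps({"query": build_query(incident_number), "timespan": timespan})
    return url, headers, body

def rows_as_dicts(response):
    """Flatten the tables/columns/rows layout into one dict per row."""
    out = []
    for table in response.get("tables", []):
        names = [c["name"] for c in table["columns"]]
        for row in table["rows"]:
            rec = dict(zip(names, row))
            # Entities arrives as a JSON string; decode it when non-empty.
            if isinstance(rec.get("Entities"), str) and rec["Entities"]:
                rec["Entities"] = json.loads(rec["Entities"])
            out.append(rec)
    return out

# Constructed sample response (not real data).
SAMPLE = {"tables": [{"name": "PrimaryResult",
    "columns": [{"name": "IncidentNumber", "type": "int"},
                {"name": "AlertName", "type": "string"},
                {"name": "SystemAlertId", "type": "string"},
                {"name": "Entities", "type": "string"}],
    "rows": [[42, "Constructed alert", "00000000-0000-0000-0000-000000000001",
              '[{"Type": "host", "HostName": "example-host"}]']]}]}
```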