Bharath_M
Copper Contributor
Mar 08, 2025

Get Custom Details from Sentinel

How do I go about getting the custom details set using https://learn.microsoft.com/en-us/azure/sentinel/surface-custom-details-in-alerts using REST API? 

I need to do this outside of logic app and using REST API. The incidents API endpoint doesn’t provide this detail and I couldn’t find any API endpoint listed in https://learn.microsoft.com/en-us/rest/api/securityinsights/operation-groups?view=rest-securityinsights-2024-01-01-preview that would allow me to get the custom details with the values.

Is there a Sentinel or a Graph API endpoint that’ll allow for me to get this information?

  • Clive_Watson
    Bronze Contributor

    Hello, so if you have defined Custom Details 


    You can then query for those (example basic query)

    SecurityAlert
    | where * contains "Custom Details"
    | extend CustomDetails_ = tostring(parse_json(tostring(parse_json(tostring(parse_json(ExtendedProperties).["Custom Details"])).ParentFileName))[0])
    | where isnotempty(CustomDetails_)
    | project CustomDetails_
    | take 1
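
Added example, not part of the original thread: when a query like the one above is run through a REST query endpoint instead of the portal, `ExtendedProperties` comes back as a JSON string with `"Custom Details"` as a second JSON string inside it. This Python code decodes that nesting for every alert row; it assumes the tables/columns/rows response shape of the Log Analytics query API, and the sample response, alert ids and values are constructed.

```python
import json

# Constructed sample in the tables/columns/rows shape assumed for the
# Log Analytics query REST API response; ids and values are made up.
SAMPLE_RESPONSE = {
    "tables": [{
        "name": "PrimaryResult",
        "columns": [{"name": "SystemAlertId", "type": "string"},
                    {"name": "ExtendedProperties", "type": "string"}],
        "rows": [
            # Alert with a custom detail: JSON string nested in a JSON string.
            ["alert-0001", json.dumps({
                "Query": "DeviceProcessEvents | take 1",
                "Custom Details": json.dumps({"ParentFileName": ["cmd.exe"]}),
            })],
            # Alert from a rule with no custom details configured.
            ["alert-0002", json.dumps({"Query": "SigninLogs | take 1"})],
            # Malformed ExtendedProperties must not abort the whole batch.
            ["alert-0003", "not json"],
        ],
    }]
}


def _loads(value):
    """Decode a JSON string; pass through values that are already decoded."""
    if isinstance(value, str):
        try:
            return json.loads(value)
        except ValueError:
            return None
    return value


def custom_details(response):
    """Map SystemAlertId -> custom details dict (empty when none are set)."""
    table = response["tables"][0]
    cols = [c["name"] for c in table["columns"]]
    out = {}
    for row in table["rows"]:
        rec = dict(zip(cols, row))
        props = _loads(rec.get("ExtendedProperties")) or {}
        raw = props.get("Custom Details") if isinstance(props, dict) else None
        details = _loads(raw)
        # Each custom detail key maps to a list of values, hence the [0]
        # index in the KQL query above.
        out[rec["SystemAlertId"]] = details if isinstance(details, dict) else {}
    return out
```
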
