Forum Discussion

Copper Contributor

May 13, 2021

Fetch Events of Sentinel incidents via Api

Hello, i need to get the data of the Events related to a Incident of Sentinel but i don't find any info in the docs about that I need in specifict that 2 events of that incident @...

Chi_Nguyen

Iron Contributor

May 14, 2021

madmvx You can use IncidentRelation API to get entities associated with an incident (this is closest to getting evidence).
Note this API is currently in preview. That's why we don't have documentation about it. However, you can view the API specs here: https://github.com/Azure/azure-rest-api-specs/blob/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json

If you want to get evidence table, then using the Log Analytics, as shoando mentioned above. API: https://dev.loganalytics.io/documentation/Using-the-API

madmvx
Copper Contributor
May 14, 2021
Yes, i used the entities api but i don't need that information, i need to get the evidence of the table, but how can i get a relation with that?
In incident api i cant get a query to call the logAnalytics Api Chi_Nguyen
- donvitter
  Copper Contributor
  Nov 22, 2023
  Hi madmvx
  
  I have the same need to get events from sentinel Alerts using a programatic method.
  
  I'm wondering if you finally found a way to get such Events from a Sentinel alert.
  
  Thank you in advance.