SOLVED
Home

How to check if Sentinel is enabled for a subscription (programmatic access)

%3CLINGO-SUB%20id%3D%22lingo-sub-879807%22%20slang%3D%22en-US%22%3EHow%20to%20check%20if%20Sentinel%20is%20enabled%20for%20a%20subscription%20(programmatic%20access)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879807%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20query%20a%20Resource%20Provider%2FARM%20property%20to%20see%20if%20Azure%20Sentinel%20has%20been%20enabled%20on%20a%20subscription%3F%20I%20was%20hoping%20we%20can%20use%20resource%20graph%20query%20or%20at%20a%20minimum%20an%20API%20call%20to%20help%20us%20see%20which%20subscriptions%2Fworkspaces%20are%20enabled%20for%20sentinel%20(reporting%20purposes).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-880812%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20check%20if%20Sentinel%20is%20enabled%20for%20a%20subscription%20(programmatic%20access)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-880812%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20Calibri%3B%20font-size%3A%2011.0pt%3B%22%3EYou%20can%20check%20for%20a%20specific%20log%20analytics%20workspace%20if%20the%20sentinel%20log%20analytics%20solutions%20installed.%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20Calibri%3B%20font-size%3A%2011.0pt%3B%22%3EBy%20running%20this%20REST%20call%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20Calibri%3B%20font-size%3A%2011.0pt%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Floganalytics%2Fworkspaces%2Flistintelligencepacks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Floganalytics%2Fworkspaces%2Flistintelligencepacks%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20Calibri%3B%20font-size%3A%2011.0pt%3B%22%3EAnd%20look%20in%20the%20resource%20this%20solution%20name%3A%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%3B%20font-family%3A%20Calibri%3B%20font-size%3A%2011.0pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22response-body%20small%22%3E%20%20%3CSPAN%20class%3D%22hljs-attr%22%3E%22name%22%3C%2FSPAN%3E%3A%20%3CSPAN%20class%3D%22hljs-string%22%3E%22SecurityInsights%22%3C%2FSPAN%3E%2C%0A%20%20%20%20%3CSPAN%20class%3D%22hljs-attr%22%3E%22enabled%22%3C%2FSPAN%3E%3A%20%3CSPAN%20class%3D%22hljs-literal%22%3Etrue%3C%2FSPAN%3E%2C%0A%20%20%20%20%3CSPAN%20class%3D%22hljs-attr%22%3E%22displayname%22%3C%2FSPAN%3E%3A%20%3CSPAN%20class%3D%22hljs-string%22%3E%22Security%20Insights%22%3C%2FSPAN%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Alex Campos
Frequent Visitor

Hello,

 

Is it possible to query a Resource Provider/ARM property to see if Azure Sentinel has been enabled on a subscription? I was hoping we can use resource graph query or at a minimum an API call to help us see which subscriptions/workspaces are enabled for sentinel (reporting purposes).

 

Thanks in advance.

1 Reply
Solution

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies