cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to check if Sentinel is enabled for a subscription (programmatic access)

Alex Campos
Copper Contributor

‎Sep 27 2019 12:29 PM

‎Sep 27 2019 12:29 PM

How to check if Sentinel is enabled for a subscription (programmatic access)

Hello,

 

Is it possible to query a Resource Provider/ARM property to see if Azure Sentinel has been enabled on a subscription? I was hoping we can use resource graph query or at a minimum an API call to help us see which subscriptions/workspaces are enabled for sentinel (reporting purposes).

 

Thanks in advance.

2,815 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Dave Rendón (MVP)
Yaniv Shasha

‎Sep 28 2019 12:50 PM

‎Sep 28 2019 12:50 PM

Solution

Re: How to check if Sentinel is enabled for a subscription (programmatic access)

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Dave Rendón (MVP)
Yaniv Shasha

‎Sep 28 2019 12:50 PM

‎Sep 28 2019 12:50 PM

Solution

Re: How to check if Sentinel is enabled for a subscription (programmatic access)

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"

 

View solution in original post

0 Likes
Reply