Azure Sentinel REST API to Create Comment

%3CLINGO-SUB%20id%3D%22lingo-sub-2602145%22%20slang%3D%22en-US%22%3EAzure%20Sentinel%20REST%20API%20to%20Create%20Comment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2602145%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20create%20comments%20using%20the%20REST%20API.%20The%20Incident%20comments%20%2F%20Create%20comment%20docs%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Fsecurityinsights%2Fincident-comments%2Fcreate-comment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIncident%20Comments%20-%20Create%20Comment%20-%20REST%20API%20(Azure%20Sentinel)%20%7C%20Microsoft%20Docs%3C%2FA%3E)%20states%20that%20incidentCommentID%20is%20required.%20How%20do%20I%20create%20a%20new%20incident%20comment%20instead%20of%20adding%20to%20an%20existing%20comment%3F%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EPieter%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2603981%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20REST%20API%20to%20Create%20Comment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2603981%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F323159%22%20target%3D%22_blank%22%3E%40PHancke%3C%2FA%3E%26nbsp%3BThe%20IncidentCommentID%20is%20just%20a%20GUID%20so%20you%20can%20make%20your%20own%20when%20creating%20a%20new%20comment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBTW%2C%20if%20you%20go%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2Fazure-rest-api-specs%2Ftree%2Fmain%2Fspecification%2Fsecurityinsights%2Fresource-manager%2FMicrosoft.SecurityInsights%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2Fazure-rest-api-specs%2Ftree%2Fmain%2Fspecification%2Fsecurityinsights%2Fresource-manager%2FMicrosoft.SecurityInsights%3C%2FA%3E%26nbsp%3Byou%20will%20see%20that%20there%20are%20examples%20on%20how%20to%20use%20most%2C%20if%20not%20all%2C%20of%20the%20REST%20API%20calls.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

We are trying to create comments using the REST API. The Incident comments / Create comment docs (Incident Comments - Create Comment - REST API (Azure Sentinel) | Microsoft Docs) states that incidentCommentID is required. How do I create a new incident comment instead of adding to an existing comment?

Regards

Pieter 

1 Reply

@PHancke The IncidentCommentID is just a GUID so you can make your own when creating a new comment.

 

BTW, if you go to https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-mana... you will see that there are examples on how to use most, if not all, of the REST API calls.