Entities and it's related fields

%3CLINGO-SUB%20id%3D%22lingo-sub-2107898%22%20slang%3D%22en-US%22%3EEntities%20and%20it's%20related%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2107898%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20please%20help%20me%20out%20on%20fetching%20entities%20related%20to%20incident.%20I%20found%20one%20article%20in%20which%20we%20need%20to%20make%20two%20calls%20to%20achieve%20this%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Getting%20the%20system%20alert%20id%20by%20running%20the%26nbsp%3B%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2F6b1ceacd-5731-4780-8f96-2078dd96fd96%2FresourceGroups%2Fcxp-azuresecurity%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FCxP-AzureSecurityWS%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F803f3d58-a406-4953-a1df-953143313a74%2Frelations%3Fapi-version%3D2019-01-01-preview%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Erelation%3C%2FA%3E%26nbsp%3BAPI%20call%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eget%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2F6b1ceacd-5731-4780-8f96-2078dd96fd96%2FresourceGroups%2Fcxp-azuresecurity%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FCxP-AzureSecurityWS%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F803f3d58-a406-4953-a1df-953143313a74%2Frelations%3Fapi-version%3D2019-01-01-preview%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2Fxxxxx-5731-4780-8f96-2078ddxxxx%2FresourceGroups%2Fcxp-azures...%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ein%20my%20example%20the%20system%20alert%20id%20value%20located%20here%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22avijitkuk_0-1611900254559.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250514iDE987DBABEA80DD6%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22avijitkuk_0-1611900254559.png%22%20alt%3D%22avijitkuk_0-1611900254559.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%26nbsp%3B%20run%20a%20POST%20request%20on%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2F6b1ceacd-5731-4780-8f96-2078dd96fd96%2FresourceGroups%2Fcxp-azuresecurity%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FCxP-AzureSecurityWS%2Fproviders%2FMicrosoft.SecurityInsights%2Fentities%2Ffc4faf6f-03b7-3c57-6892-100a0f960f9d%2Fexpand%3Fapi-version%3D2019-01-01-preview%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Eentities%3C%2FA%3E%26nbsp%3BAPI%20with%20the%20system%20Alert%20ID%20based%20on%20the%20first%20phase%3C%2FP%3E%3CP%3Ewhere%20the%26nbsp%3BexpansionId%20is%20constant%20for%20get%20all%20entities%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EPost%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2F6b1ceacd-5731-4780-8f96-2078dd96fd96%2FresourceGroups%2Fcxp-azuresecurity%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FCxP-AzureSecurityWS%2Fproviders%2FMicrosoft.SecurityInsights%2Fentities%2Ffc4faf6f-03b7-3c57-6892-100a0f960f9d%2Fexpand%3Fapi-version%3D2019-01-01-preview%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmanagement.azure.com%2Fsubscriptions%2Fxxxxxxx-5731-4780-xxxx-2078dd96fd96%2FresourceGroups%2Fcxp-az...%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebody%26nbsp%3B%3C%2FP%3E%3CP%3E%7B%3CBR%20%2F%3E%22expansionId%22%3A%20%22%3CSTRONG%3E98b974fd-cc64-48b8-9bd0-3a209f5b944b%3C%2FSTRONG%3E%22%2C%3CBR%20%2F%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22avijitkuk_1-1611900254557.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250515iCC0D636EE0A12CAF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22avijitkuk_1-1611900254557.png%22%20alt%3D%22avijitkuk_1-1611900254557.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20my%20question%20is%2C%20is%20these%20steps%20mentioned%20above%20will%20get%20all%20the%20entities%20info%20associated%20with%20an%20incident%20or%20for%20different%20entities%20we%20have%20to%20hit%20different%20endpoints.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EMy%20second%20question%20is%20there%20any%20endpoint%20through%20which%20we%20can%20get%20the%20structure%20of%20all%20the%20entities%20and%20it's%20fields.%20In%20future%20entities%20will%20increase%20and%20so%20is%20the%20associated%20field%2C%20is%20there%20an%20endpoint%20in%20management%20apis%20through%20which%20we%20can%20get%20the%20whole%20shema%20of%20entities.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3CP%3EAvi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi,

 

Can anyone please help me out on fetching entities related to incident. I found one article in which we need to make two calls to achieve this 

1. Getting the system alert id by running the relation API call 

 

get:

https://management.azure.com/subscriptions/xxxxx-5731-4780-8f96-2078ddxxxx/resourceGroups/cxp-azures...

 

in my example the system alert id value located here 

 

avijitkuk_0-1611900254559.png

 

 

2.  run a POST request on entities API with the system Alert ID based on the first phase

where the expansionId is constant for get all entities 

 

Post

https://management.azure.com/subscriptions/xxxxxxx-5731-4780-xxxx-2078dd96fd96/resourceGroups/cxp-az...

 

body 

{
"expansionId": "98b974fd-cc64-48b8-9bd0-3a209f5b944b",
}

 

avijitkuk_1-1611900254557.png

 

 

Here my question is, is these steps mentioned above will get all the entities info associated with an incident or for different entities we have to hit different endpoints.

My second question is there any endpoint through which we can get the structure of all the entities and it's fields. In future entities will increase and so is the associated field, is there an endpoint in management apis through which we can get the whole shema of entities.

 

Thanks 

Avi

 

 

 

0 Replies