Forum Discussion

Brass Contributor

Jun 11, 2020

Microsoft Graph API missing data

I'm using the Graph API to try to query the incidents in Sentinel, however not all of the data is populating properly. The data that is especially useful for the purpose of this API call is the f...

GaryBushey

Bronze Contributor

Jun 12, 2020

leoszalkowski A couple of things

1) The Microsoft Graph API only returns alerts, not incidents. I have been looking into the same issue when using the ServiceNow Graph API connector.

2) Cannot go into much detail but your question may be moot very soon

CliveWatson
Former Employee
Jun 12, 2020
GaryBushey

leoszalkowski

If you are happy to use an api you can use the Azure Sentinel api (preview), like I show here (I use a Workbook but you can use your preferred tool): https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workbook/ba-p/1386436 and as Gary alludes to, things are planned for Incidents - more news soon

Direct link to latest version: https://github.com/CliveW-MSFT/KQLpublic/blob/master/KQL/Workbooks/api%20test%20v1.4.2.workbook which allows you to filter to see Comments, Bookmarks are in a seperate api.
- leoszalkowski
  Brass Contributor
  Jun 15, 2020
  CliveWatson GaryBushey
  
  Awesome, thanks for the information guys! I'll test this out this week and see how it performs.
  
  Can't wait to hear the news.