Hi, does anybody know how to export all incidents to CSV in Microsoft Sentinel please?

I've been tasked with creating monthly reports and can't find anything useful in regards to instructions. I don't understand why there isn't just a simple export function like in most other platforms.

1 Reply
I've worked it out :)

If it's useful for anyone else, you need to set your time range to what's required and use the following 3 commands in the Logs tab, new query box:

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Low"

Then hit export. New query

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Medium"

Then hit export, New query

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "High"

Then hit export... Winner

There's probably an easier way but this has worked for me :)
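
A single-query variant of the three exports above, as an added example that is not part of the original reply. It assumes the report covers the previous calendar month and that the projected columns are the ones wanted in the CSV; the `SecurityIncident` table writes a new row on every incident update, so the query keeps only the latest row per incident before export.

```kql
// Added example (not from the original post): all severities in one export.
// Assumption: the report window is the previous calendar month.
let reportStart = startofmonth(now(), -1);   // first day of the previous month
let reportEnd   = startofmonth(now());       // first day of the current month
SecurityIncident
// Explicit TimeGenerated filter so the result does not depend on the portal time picker;
// it includes updates logged after month end for incidents created inside the window.
| where TimeGenerated >= reportStart
| where CreatedTime >= reportStart and CreatedTime < reportEnd
// One row per incident: the most recent state (status, owner, classification).
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| project IncidentNumber,
          Title,
          Severity,
          Status,
          Classification,
          Owner = tostring(Owner.assignedTo),
          CreatedTime,
          ClosedTime,
          IncidentUrl
| order by CreatedTime asc
```

Run it in the Logs query box and use the same export button to get one CSV; without the `arg_max` step an incident that was updated several times appears once per update.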