Hi, does anybody know how to export all incidents to CSV in Microsoft Sentinel please?

Copper Contributor

I've been tasked with creating monthly reports and cant find anything useful in regards to instructions. I don't understand why there isn't just a simple export function like in most other platform.

1 Reply
I've worked it out 🙂

If its useful for anyone else you need to set your time range to what's required and use the following 3 commands in the logs tab, new query box:

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Low"

Then hit export. New query

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "Medium"

Then hit export, New query

// security incidents
// Retrieves all Security Incident work items generated in this solution.
SecurityIncident
| where Severity == "High"

Then hit export... Winner

There's probably an easier way but this has worked for me 🙂