Jun 14 2021 07:13 AM
We are trying to ingest all the alert details into Splunk and Splunk Phantom, but we cannot get the last part that allows us to view all the information contained in the alert (see screenshot for reference).
Any guidance on what API call(s) to use would be greatly appreciated.
API call we are using:
https://api-eu.securitycenter.windows.com/api/alerts/da637590078447561363_2087728736
See Screenshot.
Evidence Includes
Evidence Entry 1
However, I cannot seem to figure out how to retrieve this entry via the API; we can only view it in the GUI.
--- Network Filter Lookup Service blocked chrome.exe from accessing https://testgvbgjbhjb.com