Forum Discussion

punkrokk

Copper Contributor

Mar 01, 2019

API for Sentinel Alerts and Cases

Where can I find docs to query new alerts and cases and interact with then in Azure Sentinel.

GaryBushey

Bronze Contributor

May 16, 2020

SanderWannet I have a series of blog posts on using the Azure Sentinel REST API including how to get Incidents into a Log Analytics workspace at https://www.garybushey.com To start off I would suggest this one: https://www.garybushey.com/2020/01/11/your-first-azure-sentinel-rest-api-call/

dinvlad

Copper Contributor

Jul 09, 2021

Would it be possible to expose an API method to POST alerts from an external source? For example, I'd like to import all alerts from an Event Hub via a Logic App into Security Center or Sentinel. Neither of those currently seem to support Event Hub as a source or provide an API method to create alerts (but only to get/update/list them). Thanks!

GaryBushey
Bronze Contributor
Jul 12, 2021
dinvlad The only thing that comes to mind is to create a Logic App that reads the Event Hub and uses the Azure Monitor action to write an entry to a custom log in Azure Sentinel.
dinvlad
Copper Contributor
Jul 10, 2021
GaryBushey tbh I'm just looking for a way to "import" alerts, recommendations, findings, security score and compliance reports from Event Hub into either Security Center or Sentinel (I don't really care which one). So far there appears to be no way to do it from what I can tell, other than maybe through Sentinel incidents like you noted. Any other ideas here? Thanks
GaryBushey
Bronze Contributor
Jul 09, 2021
dinvlad I don't see anything about creating alerts, only incidents. Is there a reason you would rather create an alert?