Forum Discussion
API for Sentinel Alerts and Cases
Where can I find docs to query new alerts and cases and interact with then in Azure Sentinel.
- Ryan Heffernan
Microsoft
Hello,
We have a GitHub repo with sample queries and detections: https://github.com/Azure/Azure-Sentinel
General documentation is here: https://docs.microsoft.com/en-us/azure/sentinel/
Let me know if that doesn't give you what you need.
Are there any plans to add externally-exposed APIs - for example, being able to query Sentinel for alerts, change alert statuses, etc?
I looked through the GitHub repo and didn't see anything really referencing that (primarily related to Notebooks and Hunting Queries).
Is there perhaps any documentation around any externally-exposed APIs like that that you can pass along?
Thanks!
Koby KorenHi,
Azure Sentinel API is coming soon so you can query cases, manage them and update rules as well.
Thanks,
Koby
Hello Ryan,
I see documentation for how to create KQL queries within the Azure Sentinel panel. Is there a way to query via an API, by using a a cURL request, for example?
What would be great to include with a deployment of Sentinel would be default alerts based on the Data Collections that you add.
Because then they almost have a story to try to use the data with and set up playbooks for. Ryan Heffernan- Koby Koren
Thank you for you feedback.
The team is currently working on adding them as part for the experience.
