API Power BI Report

Hello community,

I have to build a Power BI Report. I need all incidents and their alerts from Sentinel.

Which API can get me the data for all incidents and alerts?

I am confused because there are Sentinel Management API, HTTP Data Connector, Log Analytics and Graph Security API.

3 Replies

@CanerHan Your best bet is to create the needed query in MS Sentinel's Logs area and then use the Export command in the header to export to PowerBI. It will create a text file that will tell you how to get the data into PowerBI.

This thread may help if you need an Incident and Alerts type query (as an example you can tweak): https://techcommunity.microsoft.com/t5/microsoft-sentinel/how-to-get-the-real-count-of-incidents-in-...
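
An added example, not part of the original thread or the linked one: a Logs (KQL) query of the kind the replies describe, returning one row per incident and alert pair, ready for the Export to Power BI command. It assumes the standard Sentinel `SecurityIncident` and `SecurityAlert` tables; the lookback windows are arbitrary choices.

```kusto
// Added example. Assumes the standard Microsoft Sentinel tables
// SecurityIncident and SecurityAlert exist in the workspace.
let incidentLookback = 90d;   // assumption: set to the reporting period
let alertLookback = 120d;     // assumption: wider, since alerts can predate their incident
SecurityIncident
| where TimeGenerated > ago(incidentLookback)
// SecurityIncident gets a new row on every incident update;
// keep only the most recent state of each incident.
| summarize arg_max(TimeGenerated, *) by IncidentNumber
// AlertIds is a dynamic array; expand it to one row per alert id.
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated > ago(alertLookback)
    // The same alert can also be logged more than once; keep the latest copy.
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
    | project SystemAlertId, AlertName, AlertSeverity, ProviderName,
              AlertTime = TimeGenerated
  ) on $left.AlertId == $right.SystemAlertId
| project IncidentNumber, Title, Severity, Status, CreatedTime, ClosedTime,
          AlertId, AlertName, AlertSeverity, ProviderName, AlertTime
| order by IncidentNumber desc
```

In Power BI, a distinct count of `IncidentNumber` gives the incident total, because incidents with several alerts appear on several rows.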