SOLVED

How to check if Sentinel is enabled for a subscription (programmatic access)

Frequent Visitor

Hello,

 

Is it possible to query a Resource Provider/ARM property to see if Azure Sentinel has been enabled on a subscription? I was hoping we can use resource graph query or at a minimum an API call to help us see which subscriptions/workspaces are enabled for sentinel (reporting purposes).

 

Thanks in advance.

1 Reply
best response confirmed by Dave Rendón (MVP)
Solution

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"