How to export Incident list from Azure Sentinel?

Hi Team,

We have a requirement to export all incidents generated in Azure Sentinel and update the customer with the incidents which were false positives, true positives, etc.

How can we achieve this? I didn't find any option to export incidents in the console.

Please help.


Regards,

Mitesh Agrawal

3 Replies

@MiteshAgrawal You are correct that you cannot do this via the console. You can, however, make some PowerShell calls to get this information.

I have a blog post that tells you how to do this: https://www.garybushey.com/2020/01/11/your-first-azure-sentinel-rest-api-call/

I also have one that shows you how to export the same data into PowerBI to make some nice charts and graphs: https://www.garybushey.com/2020/01/20/azure-sentinel-incidents-in-powerbi/
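
Added example, not part of the original reply or the linked blog posts: one way to make the PowerShell calls mentioned above, using `Invoke-AzRestMethod` from the Az.Accounts module to page through the Sentinel incidents REST endpoint and write a CSV with each incident's classification. The subscription, resource group and workspace values are placeholders, the API version and output file name are assumptions, and `Protect-CsvCell` is a hypothetical helper.

```powershell
# Assumes Az.Accounts is installed and Connect-AzAccount has been run with an
# identity that can read incidents in the workspace (e.g. Microsoft Sentinel Reader).
$SubscriptionId = '<subscription-id>'     # placeholder
$ResourceGroup  = '<resource-group>'      # placeholder
$Workspace      = '<workspace-name>'      # placeholder
$ApiVersion     = '2023-02-01'            # assumed; use a version your tenant supports
$OutFile        = 'sentinel-incidents.csv'

# Hypothetical helper: incident titles and comments can carry text from alert
# sources, so neutralise cells a spreadsheet would evaluate as a formula.
function Protect-CsvCell([string]$Value) {
    if ($Value -match '^[=+\-@]') { "'" + $Value } else { $Value }
}

$path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
        "/providers/Microsoft.OperationalInsights/workspaces/$Workspace" +
        "/providers/Microsoft.SecurityInsights/incidents?api-version=$ApiVersion"

$incidents = [System.Collections.Generic.List[object]]::new()
$response  = Invoke-AzRestMethod -Method GET -Path $path

while ($true) {
    if ($response.StatusCode -ne 200) {
        throw "Incident query failed: HTTP $($response.StatusCode) $($response.Content)"
    }
    $page = $response.Content | ConvertFrom-Json
    foreach ($i in $page.value) {
        $p = $i.properties
        $incidents.Add([pscustomobject]@{
            IncidentNumber       = $p.incidentNumber
            Title                = Protect-CsvCell $p.title
            Severity             = $p.severity
            Status               = $p.status
            Classification       = $p.classification        # empty until the incident is closed
            ClassificationReason = $p.classificationReason
            ClassificationNote   = Protect-CsvCell $p.classificationComment
            Owner                = $p.owner.assignedTo
            CreatedTimeUtc       = $p.createdTimeUtc
            LastModifiedTimeUtc  = $p.lastModifiedTimeUtc
        })
    }
    # Results are paged; follow nextLink until the service stops returning one.
    if (-not $page.nextLink) { break }
    $response = Invoke-AzRestMethod -Method GET -Uri $page.nextLink
}

$incidents | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
# Summary for the customer report: count of incidents per classification.
$incidents | Group-Object Classification | Select-Object Name, Count
```

Incidents that are still open appear in the summary under an empty classification name, since the classification is only recorded when an incident is closed.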

Hi @Gary Bushey,

The links aren't accessible. Please help.

Regards,

Mitesh Agrawal

@MiteshAgrawal Looks like my server is down. I'll see about getting it back up. Thanks for letting me know.