Feb 27 2020 03:58 AM
Hi Team,
We have a requirement to export all incidents generated in Azure Sentinel and update the customer with the incidents which were false positives, true positives, etc.
How can we achieve this? I didn't find any option to export incidents in the console.
Please help.
Regards,
Mitesh Agrawal
Feb 27 2020 05:25 AM
@MiteshAgrawal You are correct that you cannot do this via the console. You can however make some PowerShell calls to get this information.
I have a blog post that tells you how to do this: https://www.garybushey.com/2020/01/11/your-first-azure-sentinel-rest-api-call/
I also have one that shows you how to export the same data into PowerBI to make some nice charts and graphs: https://www.garybushey.com/2020/01/20/azure-sentinel-incidents-in-powerbi/
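An added example (not from the reply above or the linked blog posts) of the kind of PowerShell call described: it pages through the Sentinel incidents REST endpoint and writes each incident's classification to CSV. It assumes the Az.Accounts module with a signed-in session (`Connect-AzAccount`); the subscription, resource group and workspace values are placeholders, and the API version and output file name are assumptions.

```powershell
# Added example: export Azure Sentinel incidents and their classification to CSV.
# Placeholders: replace with your own subscription, resource group and workspace.
$subscriptionId = '<subscription-id>'
$resourceGroup  = '<resource-group>'
$workspaceName  = '<workspace-name>'
$apiVersion     = '2023-02-01'   # assumed; use a version available to your tenant

$uri = "https://management.azure.com/subscriptions/$subscriptionId" +
       "/resourceGroups/$resourceGroup" +
       "/providers/Microsoft.OperationalInsights/workspaces/$workspaceName" +
       "/providers/Microsoft.SecurityInsights/incidents?api-version=$apiVersion"

# The endpoint returns results in pages; follow nextLink until it is absent.
$incidents = @()
while ($uri) {
    $response = Invoke-AzRestMethod -Uri $uri -Method GET
    if ($response.StatusCode -ne 200) {
        throw "Request failed ($($response.StatusCode)): $($response.Content)"
    }
    $page       = $response.Content | ConvertFrom-Json
    $incidents += $page.value
    $uri        = $page.nextLink   # $null on the last page, which ends the loop
}

# Flatten the fields a customer report needs into one row per incident.
$rows = $incidents | ForEach-Object {
    [pscustomobject]@{
        IncidentNumber        = $_.properties.incidentNumber
        Title                 = $_.properties.title
        Severity              = $_.properties.severity
        Status                = $_.properties.status
        Classification        = $_.properties.classification
        ClassificationReason  = $_.properties.classificationReason
        ClassificationComment = $_.properties.classificationComment
        CreatedTimeUtc        = $_.properties.createdTimeUtc
        LastModifiedTimeUtc   = $_.properties.lastModifiedTimeUtc
    }
}

# Output file name is an assumption.
$rows | Export-Csv -Path .\sentinel-incidents.csv -NoTypeInformation -Encoding UTF8

# Quick count per classification (FalsePositive, TruePositive, ...).
$rows | Group-Object Classification | Select-Object Name, Count
```

Incidents that have not been closed carry no classification, so they appear with an empty `Classification` column and are grouped under a blank name in the summary.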
Feb 27 2020 11:47 PM
Feb 28 2020 04:51 AM
@MiteshAgrawal Looks like my server is down. I'll see about getting it back up. Thanks for letting me know.