Apr 30 2020 04:44 AM
Is there a table that we can query in Log Analytics for Sentinel Incidents?
Will this be implemented somehow? It could be very useful for history reasons and actions.
If not, is there a workaround on how to query Incidents, Comments, etc.?
Thanks
Apr 30 2020 10:35 AM
@akefallonitis Unfortunately, Incidents can only be queried using Azure Sentinel REST API calls and not from KQL. According to the Azure Sentinel UserVoice, this is planned on happening, but no idea when that will occur.