Forum Discussion
Incidents Logs in Log Analytics
Is there a table that we can query Log Analytics for Sentinel Incidents ?
Will this be implement somehow ? It could be very useful for history reasons and actions
If not is there a work around on how to query Incidents, Comments etc ?
Thanks
1 Reply
akefallonitis Unfortunately, Incidents can only be queried using Azure Sentinel Rest API calls and not from KQL. According to the Azure Sentinel UserVoice, this is planned on happening but no idea when that will occur.
