Retrieve "dismiss alert" logs in Sentinel


Hello everyone :smile:,


I hope you are all doing well. I'm trying to retrieve the dismiss alert logs for MCAS in Azure Sentinel using Azure Log Analytics; however, I don't have the raw data as usual, which doesn't enable me to know the log type. Are these activities retrievable by any chance (using KQL, API)?



Thank you,

Stay safe.



4 Replies

@Alexander_Ceyran no, you can't retrieve them into your workspace.


It is possible to write a playbook from Sentinel that will dismiss the alerts in MCAS. Was this what you were trying to achieve?



@Sarah_Young I am looking to be able to write a playbook which will close an MCAS alert in Sentinel and dismiss the corresponding alert in MCAS.

@Sarah_Young Thank you. This should work.