Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Still trying to extract IP addressess from an Alert using the API

Copper Contributor

Ok so I know this was posted ->


For the life of me I cannot get this working, has anyone else successfully used the 'expand' function with a POST request to grab IP's and such like? I cant really find any documentation on this.


I need to try and do this via the API as I essentially want to call this Playbook via a URL as its being called by another playbook, so I cannot use the normal triggers that would capture all this entity information (like the trigger 'When a response to an Azure Sentinel alert is triggered').


Any ideas?

2 Replies

@stevebennett500 I see that you replied to the other posting leading me to believe that you have solved this issue.  Is that correct?

Yes that’s correct. A rookie error that has been sending me nuts for days!
On the plus side we now have Sentinel talking very nicely back and forth with TheHive.