Still trying to extract IP addresses from an Alert using the API


Ok so I know this was posted -> https://techcommunity.microsoft.com/t5/azure-sentinel/get-entities-for-a-sentinel-incidient-by-api/m...


For the life of me I cannot get this working. Has anyone else successfully used the 'expand' function with a POST request to grab IPs and such like? I can't really find any documentation on this.


I need to try and do this via the API, as I essentially want to call this Playbook via a URL since it's being called by another playbook, so I cannot use the normal triggers that would capture all this entity information (like the trigger 'When a response to an Azure Sentinel alert is triggered').


Any ideas?
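
One way to pull the entities (and the IP addresses among them) for a Sentinel incident over the REST API, as an added example that is not part of the original post or of Microsoft's own code: it assumes the "Incidents - List Entities" POST endpoint and the `Ip` entity kind with an `address` property, a bearer token already obtained for `management.azure.com`, and an `api-version` of `2021-10-01`; the subscription, resource group, workspace, incident id and the sample response are constructed placeholders.

```python
import json
import urllib.request

# Assumed endpoint layout for Sentinel's "Incidents - List Entities" call.
# Every {placeholder} must be replaced with the caller's own values.
ENTITIES_URL = (
    "https://management.azure.com/subscriptions/{subscription_id}"
    "/resourceGroups/{resource_group}"
    "/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
    "/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
    "/entities?api-version=2021-10-01"
)


def build_entities_request(subscription_id, resource_group, workspace,
                           incident_id, token):
    """Build the POST request (empty body) that lists an incident's entities."""
    url = ENTITIES_URL.format(subscription_id=subscription_id,
                              resource_group=resource_group,
                              workspace=workspace, incident_id=incident_id)
    req = urllib.request.Request(url, data=b"", method="POST")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    return req


def fetch_entities(req):
    """Send the request and decode the JSON body (needs network + valid token)."""
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


def extract_ips(entities_response):
    """Return the distinct IP addresses from an entities response (dict or JSON str).

    Only entities of kind "Ip" carry an address; other kinds (Account, Host,
    Url, ...) are skipped, and duplicates across alerts are collapsed.
    """
    body = entities_response
    if isinstance(body, str):
        body = json.loads(body)
    ips = []
    for entity in body.get("entities", []):
        if entity.get("kind") == "Ip":
            addr = entity.get("properties", {}).get("address")
            if addr and addr not in ips:
                ips.append(addr)
    return ips


# Constructed sample of what the entities call returns (documentation-range IPs).
SAMPLE_RESPONSE = {
    "entities": [
        {"kind": "Ip", "properties": {"address": "203.0.113.10"}},
        {"kind": "Account", "properties": {"accountName": "jdoe"}},
        {"kind": "Ip", "properties": {"address": "198.51.100.7"}},
        {"kind": "Ip", "properties": {"address": "203.0.113.10"}},  # duplicate
    ],
    "metaData": [{"kind": "Ip", "count": 3}, {"kind": "Account", "count": 1}],
}
```

Inside a playbook called by URL, pass the incident id in the trigger body and run `extract_ips(fetch_entities(build_entities_request(...)))`; the IPs are then available without relying on the Sentinel alert/incident triggers.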


@stevebennett500 I see that you replied to the other posting, leading me to believe that you have solved this issue. Is that correct?

Yes that’s correct. A rookie error that has been sending me nuts for days!
On the plus side we now have Sentinel talking very nicely back and forth with TheHive.