Aug 09 2020 09:13 PM
Ok so I know this was posted -> https://techcommunity.microsoft.com/t5/azure-sentinel/get-entities-for-a-sentinel-incidient-by-api/m...
For the life of me I cannot get this working, has anyone else successfully used the 'expand' function with a POST request to grab IP's and such like? I cant really find any documentation on this.
I need to try and do this via the API as I essentially want to call this Playbook via a URL as its being called by another playbook, so I cannot use the normal triggers that would capture all this entity information (like the trigger 'When a response to an Azure Sentinel alert is triggered').
Any ideas?
Aug 10 2020 04:41 AM
@stevebennett500 I see that you replied to the other posting leading me to believe that you have solved this issue. Is that correct?
Aug 10 2020 04:51 AM