Forum Discussion
API for Sentinel Alerts and Cases
Where can I find docs to query new alerts and cases and interact with then in Azure Sentinel.
Ryan Heffernan
Microsoft
MicrosoftHello,
We have a GitHub repo with sample queries and detections: https://github.com/Azure/Azure-Sentinel
General documentation is here: https://docs.microsoft.com/en-us/azure/sentinel/
Let me know if that doesn't give you what you need.
Are there any plans to add externally-exposed APIs - for example, being able to query Sentinel for alerts, change alert statuses, etc?
I looked through the GitHub repo and didn't see anything really referencing that (primarily related to Notebooks and Hunting Queries).
Is there perhaps any documentation around any externally-exposed APIs like that that you can pass along?
Thanks!
Koby KorenHi,
Azure Sentinel API is coming soon so you can query cases, manage them and update rules as well.
Thanks,
Koby
- Hi,
Is there any update on when this might be available?
Thanks,
Steven
kobigaHi,
The new incidents API should be published by the end of the month
- Hi,
Any updates here? No API for now and even Microsoft.Graph still cannot manipulate with Sentinel incidents(cases).kastromatos have you look at https://github.com/wortell/AZSentinel to understand the API , there is no official documention but they built a powerhell module in order to create / get rules, incidents ... maybe it can help 🙂
Shalini PasupnetiMarticus2425 Azure Sentinel alerts are available for query via Graph Security API. Here's the link to that documentation.
https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-beta
