Quickly test Microsoft Sentinel REST API

There are several ways to test the Microsoft Sentinel REST API with the GET method. You can test directly (using the Try It button) on the REST API docs page. Postman is another option.

I have developed a simple PowerShell script to help you test the Microsoft Sentinel REST API. The script covers the most commonly used APIs, including alert, incident, threat intelligence, watchlist, bookmark and connector.

The script gives you two options:

  • Get information about a specific item (e.g. alert rule, incident, threat intelligence indicator).
  • Get all items.

The following command gets information about a connector whose name (ID) is f232f1d8-5117-4bed-85f7-3b93e9c77d86:

.\Test-AzSentinelGetApi.ps1 -WorkspaceResourceId "/subscriptions/xxxx...." `
                            -ApiType "connector" `
                            -Method "GET" `
                            -Id "f232f1d8-5117-4bed-85f7-3b93e9c77d86"

If you want to get all items, you don’t need to provide the item Id.
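
To show what such a GET request looks like at the REST level, here is an added example; it is not the author's Test-AzSentinelGetApi.ps1. The function name, the ApiType values other than "connector", and the default API version are assumptions, and it needs the Az.Accounts module with a signed-in Connect-AzAccount session.

```powershell
# Added example (hypothetical helper), not the script described in this post.
function Get-SentinelItem {
    [CmdletBinding()]
    param(
        # Full ARM ID of the Log Analytics workspace that Sentinel is enabled on.
        [Parameter(Mandatory)]
        [ValidatePattern('^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$')]
        [string]$WorkspaceResourceId,

        # Assumed type names; only "connector" appears in the post.
        [Parameter(Mandatory)]
        [ValidateSet('alert', 'incident', 'threatintelligence', 'watchlist', 'bookmark', 'connector')]
        [string]$ApiType,

        # Omit to list every item of the chosen type.
        [string]$Id,

        # Assumption: a stable Microsoft.SecurityInsights API version.
        [string]$ApiVersion = '2023-02-01'
    )

    # Map the friendly type name to the REST collection segment.
    $collection = @{
        alert              = 'alertRules'
        incident           = 'incidents'
        threatintelligence = 'threatIntelligence/main/indicators'
        watchlist          = 'watchlists'
        bookmark           = 'bookmarks'
        connector          = 'dataConnectors'
    }[$ApiType]

    $path = "$WorkspaceResourceId/providers/Microsoft.SecurityInsights/$collection"
    if ($Id) { $path += '/' + [uri]::EscapeDataString($Id) }   # keep the ID from altering the path
    $path += "?api-version=$ApiVersion"

    # Invoke-AzRestMethod reuses the signed-in context's token, so no secret is handled here.
    $response = Invoke-AzRestMethod -Path $path -Method GET
    if ($response.StatusCode -ne 200) {
        throw "GET $path returned HTTP $($response.StatusCode): $($response.Content)"
    }

    $body = $response.Content | ConvertFrom-Json
    # List calls wrap results in 'value' (nextLink paging is not followed here);
    # single-item calls return the object itself.
    if ($Id) { $body } else { $body.value }
}
```

The identity running it only needs read access to the workspace, for example the built-in Microsoft Sentinel Reader role.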

The script uses the latest stable API version, except for alert rules, where it uses a preview version. Read the following article for more information on why:

Create an alert with custom entity mapping using Microsoft Sentinel REST API

Access and try this script here.

If you have any questions or feedback, please feel free to leave a comment in the Comment box or create a GitHub issue.

1 Response to Quickly test Microsoft Sentinel REST API

  1. alexmfst says:

    The script is great. Thanks a lot for what you have done for the community!
