Tag Archives: azure sentinel api

Get Alert Relation from an Incident using Azure Sentinel Incident Relation API

I have had a few questions recently asking if we can get the associated alert for an incident. The idea is to know which alert caused an incident so the SecOps team could better investigate the issue. In this article, let’s …

Posted in Security Automation

Quick look at new Azure Sentinel Incident API

I got some questions from people who work with the Microsoft product team about the new incident API they were introduced to. I took a glance at it and thought I would need to write something about it, especially as I wrote a new …

Posted in Security Automation

Update Azure Sentinel incident programmatically

There is likely a case where you want to update Azure Sentinel incidents, namely the label or assignment. For example, you would like all brute-force attack related incidents to have the label brute-force and to be assigned to a specific person/team that …

Posted in Security Automation

Extract all Azure Sentinel incidents

I got asked by a few readers, after reading this article, if there was a way to extract all incidents in Azure Sentinel so they could produce a report and send it out to their managers. In this article, let’s see …

Posted in Security Automation