Tag Archives: azure sentinel api

Quick look at new Azure Sentinel Incident API

I got some questions from people who worked with Microsoft product team about the new incident API they were introduced. I took a glance at it and thought I would need to write something about it, especially wrote a new … Continue reading

Posted in Security Automation | Tagged , | 1 Comment

Update Azure Sentinel incident programmatically

There has to be a case that you want to update Azure Sentinel incidents namely label or assignment. For example you would like all brute-force attack related incidents to have label brute-force and to assign to a specific person/team that … Continue reading

Posted in Security Automation | Tagged , | 6 Comments

Extract all Azure Sentinel incidents

I got asked by a few readers after reading this article if there was a way to extract all incidents in Azure Sentinel so they could conduct a report and send out to their managers. In this article, let’s see … Continue reading

Posted in Security Automation | Tagged , , | 3 Comments