Tag Archives: azure sentinel incident

Quick look at new Azure Sentinel Incident API

Posted on 03/18/2020 by azsec

I got some questions from people who worked with Microsoft product team about the new incident API they were introduced. I took a glance at it and thought I would need to write something about it, especially wrote a new … Continue reading →

Get all comments in an Azure Sentinel incident programmatically

Posted on 01/27/2020 by azsec

For any kind of report you may want to get all comments in an Azure Sentinel in order to archive as an forensic or incident artifact in an incident case before it is closed. Even comments in Azure Sentinel is … Continue reading →

Posted in Security Automation | Tagged azure sentinel, azure sentinel comment, azure sentinel incident | Leave a comment

Demystify alert generated by Azure Sentinel versus other 3rd products

Posted on 01/12/2020 by azsec

There is a question in the community asking about alert field in Incident page, along with the question about what it meant. In this article, let’s talk about that and see how to distinguish between alert generated from Azure Sentinel … Continue reading →

Posted in Security Operation | Tagged azure security center, azure sentinel alert, azure sentinel incident | 1 Comment

Extract all Azure Sentinel incidents

Posted on 12/16/2019 by azsec

I got asked by a few readers after reading this article if there was a way to extract all incidents in Azure Sentinel so they could conduct a report and send out to their managers. In this article, let’s see … Continue reading →

Posted in Security Automation | Tagged azure sentinel, azure sentinel api, azure sentinel incident | 3 Comments