Entities Expand

description expands a specific entity in microsoft azure sentinel by utilizing entityid, subscriptionid, resourcegroupname, and workspacename endpoint url /subscriptions/{{subscriptionid}}/resourcegroups/{{resourcegroupname}}/providers/microsoft operationalinsights/workspaces/{{workspacename}}/providers/microsoft securityinsights/entities/{{entityid}}/expand method post inputs parameters (object) – required api version (string) – required the api version to use for this operation path parameters (object) – required subscriptionid (string) – required the id of the target subscription resourcegroupname (string) – required the name of the resource group the name is case insensitive workspacename (string) – required the name of the workspace regex pattern ^\[a za z0 9]\[a za z0 9 ]+\[a za z0 9]$ entityid (string) – required entity id json body (object) – required expansionid (string) the end date filter, so the only expansion results returned are before this date starttime (string) the id of the expansion to perform endtime (string) the start date filter, so the only expansion results returned are after this date output example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "value" { "entities" \[ { "id" "/subscriptions/d0cfe6b2 9ac0 4464 9919 dccaee2e48c0/resourcegroups/myrg/providers/microsoft operationalinsights/workspaces/myworkspace/providers/microsoft securityinsights/entities/e1d3d618 e11f 478b 98e3 bb381539a8e1", "name" "e1d3d618 e11f 478b 98e3 bb381539a8e1", "type" "microsoft securityinsights/entities", "kind" "ip", "properties" { "address" "13 89 108 248", "friendlyname" "13 89 108 248" } } ], "edges" \[ { "targetentityid" "/subscriptions/d0cfe6b2 9ac0 4464 9919 dccaee2e48c0/resourcegroups/myrg/providers/providers/microsoft operationalinsights/workspaces/myworkspace/providers/microsoft securityinsights/entities/c1d60d86 5988 11eb ae93 0242ac130002", "additionaldata" { "epochtimestamp" "1608289949", "firstseen" "2021 09 01t11🕛29 597z", "source" "heartbeat" } } ] }, "metadata" { "aggregations" \[ { "entitykind" "account", "count" 1 } ] } } } ] output parameters status code (number) reason (string) json body (object) value (object) entities (array) id (string) name (string) type (string) kind (string) properties (object) address (string) friendlyname (string) edges (array) targetentityid (string) additionaldata (object) epochtimestamp (string) firstseen (string) source (string) metadata (object) aggregations (array) entitykind (string) count (number)