List Incident Alerts
Description

Retrieve all alerts associated with a specific incident in Microsoft Azure Sentinel, including details like subscription ID, resource group, workspace name, and incident ID.

Endpoint

URL: /subscriptions/{{subscriptionid}}/resourcegroups/{{resourcegroupname}}/providers/microsoft.operationalinsights/workspaces/{{workspacename}}/providers/microsoft.securityinsights/incidents/{{incidentid}}/alerts
Method: POST

Inputs

- path_parameters (object) – required. Path parameters.
  - subscriptionid (string) – required. The ID of the target subscription.
  - resourcegroupname (string) – required. The name of the resource group. The name is case insensitive.
  - workspacename (string) – required. The name of the workspace. Regex pattern: `^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$`
  - incidentid (string) – required. Incident ID.
- parameters (object) – required. URL query parameters.
  - api-version (string) – required. The API version to use for this action.

Output

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "cache-control": "no-cache",
      "pragma": "no-cache",
      "transfer-encoding": "chunked",
      "content-type": "application/json; charset=utf-8",
      "content-encoding": "gzip",
      "expires": "-1",
      "vary": "accept-encoding",
      "server": "kestrel",
      "x-ms-ratelimit-remaining-subscription-resource-requests": "499",
      "x-ms-request-id": "8745ade4-8c1e-4c0b-beec-2969c4a779e9",
      "x-ms-correlation-request-id": "8745ade4-8c1e-4c0b-beec-2969c4a779e9",
      "x-ms-routing-request-id": "southindia:20230729t111826z:8745ade4-8c1e-4c0b-beec-2969c4a779e9",
      "strict-transport-security": "max-age=31536000; includesubdomains",
      "x-content-type-options": "nosniff",
      "date": "sat, 29 jul 2023 11:18:26 gmt"
    },
    "reason": "ok",
    "json_body": {
      "value": [
        {
          "id": "/subscriptions/38d4cde9-8ef2-4c61-bc61-7fa8658ab74b/resourcegroups/test/providers/microsoft.operationalinsights/workspaces/swimlaneazuresentinel/providers/microsoft.securityinsights/entities/fa4298e7-2a38-778b-b875-44509409d7fa",
          "name": "fa4298e7-2a38-778b-b875-44509409d7fa",
          "type": "microsoft.securityinsights/entities",
          "kind": "securityalert",
          "properties": {
            "systemalertid": "fa4298e7-2a38-778b-b875-44509409d7fa",
            "tactics": [],
            "alertdisplayname": "azure sentinel update alert",
            "description": "update alert",
            "confidencelevel": "unknown",
            "severity": "medium",
            "vendorname": "microsoft",
            "productname": "azure sentinel",
            "productcomponentname": "scheduled alerts",
            "alerttype": "7b3f088b-d55a-485c-b030-4cb167e8cffd_6134bf18-8d6a-46ff-a3f1-cdd43cafbf57",
            "processingendtime": "2023-07-29t00:29:50.5444443z",
            "status": "new",
            "endtimeutc": "2023-07-28t19:50:00.684261z",
            "starttimeutc": "2023-07-28t19:45:39.4493887z",
            "timegenerated": "2023-07-29t00:29:50.5833611z",
            "provideralertid": "9028e8ae-c8ea-4d48-9ecd-551e8ac7c1b2",
            "resourceidentifiers": [
              {
                "type": "loganalytics",
                "workspaceid": "7b3f088b-d55a-485c-b030-4cb167e8cffd",
                "subscriptionid": "38d4cde9-8ef2-4c61-bc61-7fa8658ab74b",
                "resourcegroup": "test"
              }
            ],
            "additionaldata": {
              "alertmessageenqueuetime": "2023-07-29t00:29:50.586z",
              "search query results overall count": "12",
              "originalproductname": "azure sentinel",
              "originalproductcomponentname": "scheduled alerts"
            },
            "friendlyname": "azure sentinel update alert"
          }
        }
      ]
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - value (array)
    - id (string)
    - name (string)
    - type (string)
    - kind (string)
    - properties (object)
      - systemalertid (string)
      - tactics (array)
        - file_name (string) – required
        - file (string) – required
      - alertdisplayname (string)
      - description (string)
      - confidencelevel (string)
      - severity (string)
      - vendorname (string)
      - productname (string)
      - productcomponentname (string)
      - alerttype (string)
      - processingendtime (string)
      - status (string)
      - endtimeutc (string)
      - starttimeutc (string)
      - timegenerated (string)
      - provideralertid (string)
      - resourceidentifiers (array)
        - type (string)
        - workspaceid (string)
        - subscriptionid (string)
        - resourcegroup (string)
      - additionaldata (object)
        - alertmessageenqueuetime (string)
        - search query results overall count (string)
        - originalproductname (string)
        - originalproductcomponentname (string)
      - friendlyname (string)

Response headers

| Header | Type |
| --- | --- |
| cache-control | string |
| pragma | string |
| transfer-encoding | string |
| content-type | string |
| content-encoding | string |
| expires | string |
| vary | string |
| server | string |
| x-ms-ratelimit-remaining-subscription-resource-requests | string |
| x-ms-request-id | string |
| x-ms-correlation-request-id | string |
| x-ms-routing-request-id | string |
| strict-transport-security | string |
| x-content-type-options | string |
| date | string |