List Incident Bookmarks

description retrieve all bookmarks associated with an incident in microsoft azure sentinel, requiring subscription, resource group, workspace, and incident ids endpoint url /subscriptions/{{subscriptionid}}/resourcegroups/{{resourcegroupname}}/providers/microsoft operationalinsights/workspaces/{{workspacename}}/providers/microsoft securityinsights/incidents/{{incidentid}}/bookmarks method post inputs path parameters (object) – required path parameters subscriptionid (string) – required the id of the target subscription resourcegroupname (string) – required the name of the resource group the name is case insensitive workspacename (string) – required the name of the workspace regex pattern ^\[a za z0 9]\[a za z0 9 ]+\[a za z0 9]$ incidentid (string) – required incident id parameters (object) – required url query parameters api version (string) – required the api version to use for this action output example \[ { "status code" 200, "response headers" { "cache control" "no cache", "pragma" "no cache", "transfer encoding" "chunked", "content type" "application/json; charset=utf 8", "content encoding" "gzip", "expires" " 1", "vary" "accept encoding", "server" "kestrel", "x ms ratelimit remaining subscription resource requests" "499", "x ms request id" "fa5a78c9 cc33 4e7e 9aa1 800086279fbd", "x ms correlation request id" "fa5a78c9 cc33 4e7e 9aa1 800086279fbd", "x ms routing request id" "southindia 20230729t112006z\ fa5a78c9 cc33 4e7e 9aa1 800086279fbd", "strict transport security" "max age=31536000; includesubdomains", "x content type options" "nosniff", "date" "sat, 29 jul 2023 11 20 05 gmt" }, "reason" "ok", "json body" { "value" \[ { "id" "/subscriptions/d0cfe6b2 9ac0 4464 9919 dccaee2e48c0/resourcegroups/myrg/providers/microsoft operationalinsights/workspaces/myworkspace/providers/microsoft securityinsights/bookmarks/afbd324f 6c48 459c 8710 8d1e1cd03812", "name" "afbd324f 6c48 459c 8710 8d1e1cd03812", "type" "microsoft securityinsights/entities", "kind" "bookmark", "properties" { "displayname" "securityevent 868f40f4698d", "created" "2020 06 17t15 34 01 4265524+00 00", "updated" "2020 06 17t15 34 01 4265524+00 00", "createdby" { "objectid" "b03ca914 5eb6 45e5 9417 fe0797c372fd", "email" "user\@microsoft com", "name" "user" }, "updatedby" { "objectid" "b03ca914 5eb6 45e5 9417 fe0797c372fd", "email" "user\@microsoft com", "name" "user" }, "eventtime" "2020 06 17t15 34 01 4265524+00 00", "labels" \[], "query" "securityevent\r\n| take 1\n", "queryresult" "{\\"timegenerated\\" \\"2020 05 24t01 24 25 67z\\",\\"account\\" \\"\\\\\\\administrator\\",\\"accounttype\\" \\"user\\",\\"computer\\" \\"securityevents\\",\\"eventsourcename\\" \\"microsoft windows security auditing\\",\\"channel\\" \\"security\\",\\"task\\" 12544,\\"level\\" \\"16\\",\\"eventid\\" 4625,\\"activity\\" \\"4625 an account failed to log on \\",\\"authenticationpackagename\\" \\"ntlm\\",\\"failurereason\\" \\"%%2313\\",\\"ipaddress\\" \\"176 113 115 73\\",\\"ipport\\" \\"0\\",\\"lmpackagename\\" \\" \\",\\"logonprocessname\\" \\"ntlmssp \\",\\"logontype\\" 3,\\"logontypename\\" \\"3 network\\",\\"process\\" \\" \\",\\"processid\\" \\"0x0\\",\\" entitymapping\\" {\\"\\\\\\\administrator\\" \\"account\\",\\"securityevents\\" \\"host\\"}}", "additionaldata" { "etag" "\\"3b00acab 0000 0d00 0000 5f15e4ed0000\\"", "entityid" "afbd324f 6c48 459c 8710 8d1e1cd03812" }, "friendlyname" "securityevent 868f40f4698d" } }, { "id" "/subscriptions/d0cfe6b2 9ac0 4464 9919 dccaee2e48c0/resourcegroups/myrg/providers/microsoft operationalinsights/workspaces/myworkspace/providers/microsoft securityinsights/bookmarks/bbbd324f 6c48 459c 8710 8d1e1cd03812", "name" "bbbd324f 6c48 459c 8710 8d1e1cd03812", "type" "microsoft securityinsights/entities", "kind" "bookmark", "properties" { "displayname" "securityevent 868f40f4698d", "created" "2020 06 17t15 34 01 4265524+00 00", "updated" "2020 06 17t15 34 01 4265524+00 00", "createdby" { "objectid" "303ca914 5eb6 45e5 9417 fe0797c372fd", "email" "user\@microsoft com", "name" "user" }, "updatedby" { "objectid" "b03ca914 5eb6 45e5 9417 fe0797c372fd", "email" "user\@microsoft com", "name" "user" }, "eventtime" "2020 06 17t15 34 01 4265524+00 00", "labels" \[], "query" "securityevent\r\n| take 1\n", "queryresult" "{\\"timegenerated\\" \\"2020 05 24t01 24 25 67z\\",\\"account\\" \\"\\\\\\\administrator\\",\\"accounttype\\" \\"user\\",\\"computer\\" \\"securityevents\\",\\"eventsourcename\\" \\"microsoft windows security auditing\\",\\"channel\\" \\"security\\",\\"task\\" 12544,\\"level\\" \\"16\\",\\"eventid\\" 4625,\\"activity\\" \\"4625 an account failed to log on \\",\\"authenticationpackagename\\" \\"ntlm\\",\\"failurereason\\" \\"%%2313\\",\\"ipaddress\\" \\"176 113 115 73\\",\\"ipport\\" \\"0\\",\\"lmpackagename\\" \\" \\",\\"logonprocessname\\" \\"ntlmssp \\",\\"logontype\\" 3,\\"logontypename\\" \\"3 network\\",\\"process\\" \\" \\",\\"processid\\" \\"0x0\\",\\" entitymapping\\" {\\"\\\\\\\administrator\\" \\"account\\",\\"securityevents\\" \\"host\\"}}", "additionaldata" { "etag" "\\"3b00acab 0000 0d00 0000 5f15e4ed0000\\"", "entityid" "afbd324f 6c48 459c 8710 8d1e1cd03812" }, "friendlyname" "securityevent 868f40f4698d" } } ] } } ] output parameters status code (number) reason (string) json body (object) value (array) id (string) name (string) type (string) kind (string) properties (object) displayname (string) created (string) updated (string) createdby (object) objectid (string) email (string) name (string) updatedby (object) objectid (string) email (string) name (string) eventtime (string) labels (array) file name (string) – required file (string) – required query (string) queryresult (string) additionaldata (object) etag (string) entityid (string) friendlyname (string) response headers header type cache control string pragma string transfer encoding string content type string content encoding string expires string vary string server string x ms ratelimit remaining subscription resource requests string x ms request id string x ms correlation request id string x ms routing request id string strict transport security string x content type options string date string