Reputation: 115
I was looking at the Alerts APIs for Microsoft Security Graph and it seems like you can't create a new alert by an API? I was wondering if there is any way I can programmatically create a new alert in Azure Sentinel?
Upvotes: 0
Views: 1657
Reputation: 2360
There is currently a Sentinel REST API with which you can programmatically interact with Azure Sentinel, see below (Swagger 2.0 specs, in preview).
For creation/update of a new incident, see example: https://github.com/Azure/azure-rest-api-specs/blob/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
For a creation of a scheduled alert rule: https://github.com/Azure/azure-rest-api-specs/blob/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json
Hope this helps, I assume by "alert" you mean an incident.
Upvotes: 0
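As an added illustration (not part of the answer above), here is how the incident creation call from the linked CreateIncident.json example is assembled as an ARM PUT request: the URL targets the workspace's Microsoft.SecurityInsights incidents resource with the preview api-version, and the body carries the incident properties. The subscription, resource group, workspace name and bearer token are placeholders you must supply; the optional `send()` helper is only needed when you actually want to issue the request.

```python
import json
import uuid
import urllib.request

ARM_BASE = "https://management.azure.com"
API_VERSION = "2019-01-01-preview"  # preview version used by the linked examples

SEVERITIES = {"Informational", "Low", "Medium", "High"}
STATUSES = {"New", "Active", "Closed"}


def incident_url(subscription_id, resource_group, workspace, incident_id):
    """ARM resource URL for one Sentinel incident (PUT creates or updates it)."""
    uuid.UUID(incident_id)  # incident ids are GUIDs; reject anything else early
    return (f"{ARM_BASE}/subscriptions/{subscription_id}"
            f"/resourceGroups/{resource_group}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
            f"/providers/Microsoft.SecurityInsights/incidents/{incident_id}"
            f"?api-version={API_VERSION}")


def incident_body(title, severity, description, status="New"):
    """Request body in the shape of the CreateIncident.json example."""
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    if status not in STATUSES:
        raise ValueError(f"status must be one of {sorted(STATUSES)}")
    return {"properties": {"title": title, "severity": severity,
                           "status": status, "description": description}}


def build_create_incident_request(subscription_id, resource_group, workspace,
                                  incident_id, token, title, severity,
                                  description, status="New"):
    """Assemble method, URL, headers and JSON body; nothing is sent here."""
    return {
        "method": "PUT",
        "url": incident_url(subscription_id, resource_group, workspace, incident_id),
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"},
        "body": json.dumps(incident_body(title, severity, description, status)),
    }


def send(request):
    """Issue the assembled request with urllib (requires a valid ARM token)."""
    req = urllib.request.Request(request["url"], method=request["method"],
                                 headers=request["headers"],
                                 data=request["body"].encode())
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.loads(resp.read())
```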
Reputation: 21
Security alerts are supplied by Microsoft security providers, so creating alerts is not currently an allowed method under Microsoft Graph Security. However, you can create incidents from alerts in Azure Sentinel. Please refer to this documentation.
Upvotes: 0