Microsoft improving the Azure Sentinel REST API

I was looking the latest changes MS made to the Azure Sentinel REST API (available at https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview) and noticed that they now have an entire section called “incidents” that can be used just as “cases” could before.

This makes more sense since, during the beta, Alerts created “cases” but now they create “incidents” . This will make it easier to use and understand the REST API. From my testing anytime I have made a reference to “cases” in my REST API URL, I can change it to “incidents” and it will work just the same.

Leave a Reply

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.