Microsoft Sentinel website screenshot

Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It provides REST APIs for managing incidents, analytics rules, threat intelligence, and automation playbooks.

1 APIs 0 Features
MicrosoftSecuritySIEMSOARThreat Detection

APIs

Microsoft Sentinel REST API

The Microsoft Sentinel REST API provides programmatic access to security incident management, threat intelligence, watchlists, analytics rules, and automation playbooks. Develop...

Collections

Pricing Plans

Rate Limits

Microsoft Sentinel Rate Limits

5 limits

RATE LIMITS

FinOps

Resources

👥
GitHubOrganization
GitHubOrganization
🌐
Portal
Portal
🔗
Website
Website
🔗
Documentation
Documentation
💰
Pricing
Pricing
🚀
GettingStarted
GettingStarted
🔑
Authentication
Authentication
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
💬
Support
Support
🟢
StatusPage
StatusPage

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Microsoft Sentinel REST API
  version: '2023-02-01'
request:
  auth:
    type: bearer
    token: '{{bearerToken}}'
items:
- info:
    name: AlertRules
    type: folder
  items:
  - info:
      name: List alert rules
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/alertRules
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: List alert rules
  - info:
      name: Get alert rule
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/alertRules/:ruleId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: ruleId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: Get alert rule
  - info:
      name: Create or update alert rule
      type: http
    http:
      method: PUT
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/alertRules/:ruleId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: ruleId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
      body:
        type: json
        data: '{}'
    docs: Create or update alert rule
  - info:
      name: Delete alert rule
      type: http
    http:
      method: DELETE
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/alertRules/:ruleId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: ruleId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: Delete alert rule
- info:
    name: Incidents
    type: folder
  items:
  - info:
      name: List incidents
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/incidents
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: List incidents
  - info:
      name: Get incident
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/incidents/:incidentId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: incidentId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: Get incident
  - info:
      name: Create or update incident
      type: http
    http:
      method: PUT
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/incidents/:incidentId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: incidentId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
      body:
        type: json
        data: '{}'
    docs: Create or update incident
  - info:
      name: Delete incident
      type: http
    http:
      method: DELETE
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/incidents/:incidentId
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: incidentId
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: Delete incident
- info:
    name: Bookmarks
    type: folder
  items:
  - info:
      name: List bookmarks
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/bookmarks
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: List bookmarks
- info:
    name: DataConnectors
    type: folder
  items:
  - info:
      name: List data connectors
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/dataConnectors
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: List data connectors
- info:
    name: ThreatIntelligence
    type: folder
  items:
  - info:
      name: List threat intelligence indicators
      type: http
    http:
      method: GET
      url: https://management.azure.com/subscriptions/:subscriptionId/resourceGroups/:resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/:workspaceName/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators
      params:
      - name: subscriptionId
        value: ''
        type: path
      - name: resourceGroupName
        value: ''
        type: path
      - name: workspaceName
        value: ''
        type: path
      - name: api-version
        value: ''
        type: query
    docs: List threat intelligence indicators
bundled: true