Skip to main content
Get a watchlist.
External DocumentationTo learn more, visit the Microsoft Sentinel documentation.

Parameters

ParameterDescription
Resource Group NameThe name of the resource group. The name is case insensitive.
Subscription IDThe ID of the target subscription.
Watchlist AliasThe watchlist alias.
Workspace NameThe name of the workspace.

Example Output

{
	"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
	"name": "highValueAsset",
	"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
	"type": "Microsoft.SecurityInsights/Watchlists",
	"systemData": {
		"createdAt": "2022-05-24T20:05:29",
		"createdBy": "<string>",
		"createdByType": "<string>",
		"lastModifiedAt": "2021-07-24T15:40:01",
		"lastModifiedBy": "<string>",
		"lastModifiedByType": "<string>"
	},
	"properties": {
		"watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
		"displayName": "High Value Assets Watchlist",
		"provider": "Microsoft",
		"source": "Local file",
		"itemsSearchKey": "header1",
		"created": "2020-09-28T00:26:54.7746089+00:00",
		"updated": "2020-09-28T00:26:57+00:00",
		"createdBy": {
			"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
			"name": "john doe",
			"email": "john@contoso.com"
		},
		"updatedBy": {
			"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
			"email": "john@contoso.com",
			"name": "john doe"
		},
		"description": "Watchlist from CSV content",
		"watchlistType": "watchlist",
		"watchlistAlias": "highValueAsset",
		"isDeleted": false,
		"labels": [
			"Tag1",
			"Tag2"
		],
		"defaultDuration": "P1279DT12H30M5S",
		"tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd",
		"numberOfLinesToSkip": 973
	}
}

Workflow Library Example

Get Watchlist with Microsoft Sentinel and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop