Gets all alerts for an incident.

External Documentation

To learn more, visit the Microsoft Sentinel documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Incident ID | The ID of the incident. It can be obtained by using the List Incidents action. |
| Resource Group Name | The name of the resource group. The name is case-insensitive. |
| Subscription ID | The ID of the target subscription. |
| Workspace Name | The name of the workspace. |

Example Output

{
	"value": [
		{
			"id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c",
			"name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
			"type": "Microsoft.SecurityInsights/Entities",
			"kind": "SecurityAlert",
			"properties": {
				"systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
				"tactics": [],
				"alertDisplayName": "myAlert",
				"confidenceLevel": "Unknown",
				"severity": "Low",
				"vendorName": "Microsoft",
				"productName": "Azure Security Center",
				"alertType": "myAlert",
				"processingEndTime": "2020-07-20T18:21:53.6158361Z",
				"status": "New",
				"endTimeUtc": "2020-07-20T18:21:53.6158361Z",
				"startTimeUtc": "2020-07-20T18:21:53.6158361Z",
				"timeGenerated": "2020-07-20T18:21:53.6158361Z",
				"resourceIdentifiers": [
					{
						"type": "LogAnalytics",
						"workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b",
						"subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
						"resourceGroup": "myRG"
					}
				],
				"additionalData": {
					"AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z"
				},
				"friendlyName": "myAlert"
			}
		}
	]
}
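
An added example, not part of the original page or the product's own code: one way to flatten this response into triage rows in Python. The function names, the severity ranking and the trimmed sample are assumptions made for the example; it handles the 7-digit fractional seconds in the timestamps and the case-insensitive resource group name.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the Example Output above, trimmed to the fields used here.
SAMPLE = {"value": [{
    "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG"
          "/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
          "/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c",
    "kind": "SecurityAlert",
    "properties": {"systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
                   "tactics": [], "alertDisplayName": "myAlert", "severity": "Low",
                   "status": "New", "timeGenerated": "2020-07-20T18:21:53.6158361Z"},
}]}

# Assumption: triage order chosen for this example, not defined by the page.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}
SCOPE_RE = re.compile(r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
                      r"/providers/Microsoft\.OperationalInsights/workspaces/(?P<ws>[^/]+)/", re.I)
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z")

def parse_ts(value):
    """Parse a UTC timestamp; the sample carries 7 fractional digits, %f accepts 6."""
    m = TS_RE.fullmatch(value)
    if not m:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    micros = int((m.group(2) or "")[:6].ljust(6, "0"))  # truncate or pad to microseconds
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def summarize_alerts(response):
    """Return one flat row per SecurityAlert, most severe first, then oldest first."""
    rows = []
    for item in response.get("value", []):
        if item.get("kind") != "SecurityAlert":
            continue  # skip any entity that is not an alert
        props = item.get("properties", {})
        scope = SCOPE_RE.match(item.get("id", ""))
        rows.append({
            "alert_id": props.get("systemAlertId"),
            "name": props.get("alertDisplayName"),
            "severity": props.get("severity", "Unknown"),
            "tactics": props.get("tactics") or [],
            "time": parse_ts(props["timeGenerated"]),
            # Resource group names are case-insensitive, so normalise before comparing.
            "resource_group": scope["rg"].lower() if scope else None,
            "workspace": scope["ws"] if scope else None,
        })
    rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 99), r["time"]))
    return rows
```
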

Workflow Library Example

List Alerts for Incident with Microsoft Sentinel and Send Results Via Email
