
List Entities For Incident

Gets all entities for an incident.

External Documentation

To learn more, visit the Microsoft Sentinel documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Incident ID | Incident ID. |
| Resource Group Name | The name of the resource group. The name is case insensitive. |
| Subscription ID | The ID of the target subscription. |
| Workspace Name | The name of the workspace. Use the Log Analytics List Workspaces action to get workspace names. |

Example Output

{
  "entities": [
    {
      "id": "Fully qualified resource ID for the resource. Ex - /subscriptions/{subscription_id}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}",
      "name": "The name of the resource",
      "systemData": {
        "createdAt": "The timestamp of resource creation (UTC).",
        "createdBy": "The identity that created the resource.",
        "createdByType": "The type of identity that created the resource.",
        "lastModifiedAt": "The timestamp of resource last modification (UTC)",
        "lastModifiedBy": "The identity that last modified the resource.",
        "lastModifiedByType": "The type of identity that last modified the resource."
      },
      "type": "The type of the resource. E.g. \"Microsoft.Compute/virtualMachines\" or \"Microsoft.Storage/storageAccounts\""
    }
  ],
  "metaData": [
    {
      "count": 0,
      "entityKind": "The kind of the entity"
    }
  ]
}

Workflow Library Example

List Entities for Incident with Microsoft Sentinel and Send Results Via Email
