Working with Analytics rules Part 2 – The rules

Introduction: So far in this series, we have looked at the Rule templates. Now we will look at the Analytics rules that we are currently using. Listing all the Analytic Rules: Much like looking at the Analytic rule templates, we can make a REST call to look at all the rules we are using. The […]

Working with Analytics rules Part 1 – Templates

Introduction: In the previous post I showed you how to get a listing of all your Incidents (AKA cases) from Azure Sentinel. I will come back to those in just a little bit. But for now I want to talk about how those Incidents get generated. As I am sure you know, Incidents are usually […]

Your first Azure Sentinel REST API call

Introduction: In this post, we will get ready to use the Azure Sentinel REST APIs. We will discuss getting PowerShell set up, what needs to be done before you can call the REST APIs, and then we will make a sample call. First and foremost, we will be using the new PowerShell Core. It is the […]

Introduction to Azure Sentinel REST APIs

Microsoft has stated that they will be releasing the official version of the Azure Sentinel APIs “soon”. While they may not be official, the APIs are published on GitHub and, as far as I can tell, seem to be working perfectly well. This post will introduce you to the APIs and how to use them using PowerShell. Why […]