Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel REST APIs allow you to create and manage data connectors, analytic rules, incidents, and bookmarks, and to get entity information.
REST Operation Groups
| Operation group | Description |
|---|---|
| Actions | List all alert rules for an action |
| Alerts Rule Template | List the alert rule templates available in your Sentinel workspace |
| Alert Rules | Configure alert rules and actions for your Sentinel workspace |
| Bookmarks | Preserve, tag, map entities, and annotate Log Analytics query results. Create a bookmark or add one to an incident |
| Data Connectors | List, enable, or disable data connectors for your Sentinel workspace |
| Incident Comments | Read and create incident comments in your Sentinel workspace |
| Incidents | Read, create, and delete incidents in your Sentinel workspace |
| Operations | All available operations |