Azure Sentinel

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response.

The Azure Sentinel REST APIs let you create and manage data connectors, analytic rules, incidents and bookmarks, and retrieve entity information.

REST Operation Groups

Operation group         Description
--------------------    -----------------------------------------------------------------------------------------------
Actions                 List the actions (for example, Logic App playbooks) attached to an alert rule
Alert Rule Templates    List the alert rule templates available in your Sentinel workspace
Alert Rules             Configure alert rules and their actions for your Sentinel workspace
Bookmarks               Preserve, tag, map entities and annotate Log Analytics query results; create a bookmark or add one to an incident
Data Connectors         List, enable or disable the data connectors of your Sentinel workspace
Incident Comments       Read and create incident comments in your Sentinel workspace
Incidents               Read, create and delete incidents in your Sentinel workspace
Operations              List all available operations
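The following is an added example, not Microsoft's code or part of the original page. It shows how the operation groups above map onto the Azure Resource Manager URL of a Sentinel workspace (`.../providers/Microsoft.OperationalInsights/workspaces/{name}/providers/Microsoft.SecurityInsights/...`), how a client follows ARM's `nextLink` paging when listing alert rules, and how it adds an incident comment with a PUT. The `api-version` value, the resource names and every response in the offline `demo()` are constructed assumptions; a real run needs a bearer token for `https://management.azure.com/` (for example from `az account get-access-token --resource https://management.azure.com/`).

```python
"""Minimal client for the Azure Sentinel (Microsoft.SecurityInsights) REST API.

Added example, not Microsoft's code. Assumptions: API_VERSION, and the
constructed responses used by demo() so the module runs without network access.
"""
import json
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
PROVIDER = "Microsoft.SecurityInsights"
API_VERSION = "2020-01-01"  # assumption: use the version your tenant supports

# Operation group -> collection under the workspace's SecurityInsights provider.
# "Actions" and "Incident Comments" are children of a rule / an incident, so they
# are addressed through the parent id rather than listed here.
OPERATION_PATHS = {
    "Alert Rules": "alertRules",
    "Alert Rule Templates": "alertRuleTemplates",
    "Bookmarks": "bookmarks",
    "Data Connectors": "dataConnectors",
    "Incidents": "incidents",
}


def urllib_transport(method, url, headers, body=None):
    """Default transport: one HTTPS call, JSON in, JSON out (empty body -> {})."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


class SentinelClient:
    def __init__(self, subscription, resource_group, workspace, token,
                 transport=urllib_transport):
        self.base = (f"{ARM}/subscriptions/{subscription}/resourceGroups/{resource_group}"
                     f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
                     f"/providers/{PROVIDER}")
        self.headers = {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/json"}
        self.transport = transport  # injectable so tests never touch the network

    def url(self, *segments):
        """Build a workspace-scoped resource URL; segments are percent-encoded."""
        path = "/".join(urllib.parse.quote(s, safe="") for s in segments)
        return f"{self.base}/{path}?api-version={API_VERSION}"

    def list_all(self, *segments):
        """GET a collection and follow ARM's nextLink until the listing is exhausted."""
        items, url = [], self.url(*segments)
        while url:
            page = self.transport("GET", url, self.headers)
            items.extend(page.get("value", []))
            url = page.get("nextLink")  # absolute URL supplied by ARM, or absent
        return items

    def disabled_alert_rules(self):
        """Names of analytic rules that exist but are switched off (detection gaps)."""
        return [r["properties"]["displayName"] for r in self.list_all("alertRules")
                if not r["properties"].get("enabled", False)]

    def actions_for_rule(self, rule_id):
        """Actions operation group: the playbooks wired to one alert rule."""
        return self.list_all("alertRules", rule_id, "actions")

    def add_incident_comment(self, incident_id, comment_id, message):
        """Incident Comments operation group: PUT creates the comment under the incident."""
        body = {"properties": {"message": message}}
        return self.transport("PUT", self.url("incidents", incident_id, "comments", comment_id),
                              self.headers, body)


def demo():
    """Offline walk-through against constructed responses (no network, no real tenant)."""
    client = SentinelClient("sub0", "rg-sec", "la-sentinel", "constructed-token")
    rules_url = client.url("alertRules")
    pages = {  # constructed sample data: two pages of rules plus one rule's actions
        rules_url: {
            "value": [
                {"name": "r1", "kind": "Scheduled",
                 "properties": {"displayName": "Brute force on VM", "enabled": True}},
                {"name": "r2", "kind": "Fusion",
                 "properties": {"displayName": "Advanced Multistage Attack Detection", "enabled": False}},
            ],
            "nextLink": rules_url + "&$skipToken=page2",
        },
        rules_url + "&$skipToken=page2": {
            "value": [{"name": "r3", "kind": "Scheduled",
                       "properties": {"displayName": "Rare RDP logon", "enabled": False}}],
        },
        client.url("alertRules", "r1", "actions"): {
            "value": [{"name": "a1", "properties": {"logicAppResourceId":
                       "/subscriptions/sub0/resourceGroups/rg-sec/providers/Microsoft.Logic/workflows/la-block-ip"}}],
        },
    }
    calls = []

    def fake_transport(method, url, headers, body=None):
        calls.append((method, url, body))
        assert headers["Authorization"].startswith("Bearer ")
        if method == "GET":
            return pages[url]
        # Echo what ARM returns for a PUT: the created resource with its name.
        return {"name": url.rsplit("/", 1)[-1].split("?")[0], "properties": body["properties"]}

    client.transport = fake_transport
    return {
        "disabled": client.disabled_alert_rules(),
        "r1_actions": [a["name"] for a in client.actions_for_rule("r1")],
        "comment": client.add_incident_comment("inc-42", "c1", "Triage: confirmed true positive"),
        "calls": calls,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Scope the token to the least role that covers the calls you make: Azure Sentinel Reader suffices for the listing methods, Azure Sentinel Responder adds incident comments, and only Azure Sentinel Contributor is needed to change rules or connectors. Keep the injected transport pattern for tests so that CI never holds a management-plane token.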