API versions of Microsoft Sentinel REST APIs
This article lists the current and past versions of the Microsoft Sentinel REST APIs.
Note
Starting from the 2021-09-01-preview release, every Preview version contains all Preview operation groups. Starting from the 2021-10-01 release, every Stable version contains all Stable operation groups. If an operation group hasn’t changed since last version, it will carry over as-is to the new version.
Preview versions
Use the latest preview version when you want to take advantage of all the latest Public Preview features. Note that preview versions are also released to test new functionality, gather feedback, and discover and fix issues. Preview APIs are available under the Supplemental Terms of Use for Microsoft Azure Previews.
Stable versions
Use the latest stable version when you want to access the latest generally available (GA) features.
| API version | Specification | API updates |
|---|---|---|
2023-11-01 |
Swagger specification | Release note |
2023-02-01 |
Swagger specification | Release note |
2022-11-01 |
Swagger specification | |
2022-08-01 |
Swagger specification | Release note |
2021-10-01 |
Swagger specification | Release note |
2021-04-01 |
Swagger specification | Release note |
2020-01-01 |
Swagger specification | Release note |
Release notes
2024-01-01-preview
This is the current Preview release of the Microsoft Sentinel REST APIs. It includes all the previously released Preview & GA features.
- Data Connectors
- Added new connector kind RestApiPoller
- Enrichment
- Added new endpoints
- ListGeodataByIp
- ListWhoisByDomain
- Added new endpoints
- Recommendations
- Divided the Recommendation into multiple Suggestions.
- Added a new “InProgress” state and changed existing ones.
- Added new endpoint
- triggerEvaluation
- ThreatIntelligence
- Added new endpoints
- Query
- Count
- Added new endpoints
2023-12-01-preview
It includes all the previously released Preview & GA features.
2023-11-01
This is the current generally available (GA) release of the Microsoft Sentinel REST APIs.
2023-10-01-preview
This release includes all the previously released Preview features and in addition, the following:
- Data Connectors
- DataConnectorDefinitions - Added exception for the word "Criterias" in the file cSpell.json.
- Content hub
- Added additional supported OData parameters.
2023-08-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Workspace Manager
- Corrective change on WorkspaceManagerMember parameter name.
2023-07-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Data Connectors
- New API endpoint added to manage Data Connector Definitions.
2023-06-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Source Controls
- Added ability to manage Source Control connections via API by adding repository access parameters.
2023-05-01-preview
This release includes all the previously released Preview features, plus the following additions:
Billing Statistics
- Provides billing statistics, such as current usage of the Microsoft Sentinel solution for SAP applications.
Data Connectors
2023-04-01-preview
This release includes all the previously released Preview features, plus the following additions:
Workspace Manager
- The Microsoft Sentinel Workspace Manager enables customers and partners to manage multiple Microsoft Sentinel workspaces from a central point. Endpoints included:
- WorkspaceManagerConfigurations
- WorkspaceManagerMembers
- WorkspaceManagerGroups
- WorkspaceManagerAssignments
- The Microsoft Sentinel Workspace Manager enables customers and partners to manage multiple Microsoft Sentinel workspaces from a central point. Endpoints included:
Hunts
- Added Hunts endpoint
2023-03-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Playbooks
- Entity Trigger
- New endpoint to allow manual trigger of a playbook on an entity.
2023-02-01
Generally available features in this release include:
- Alert Rules (also known as analytics rules)
- Incidents
- Added provider fields to accommodate Sentinel - Microsoft 365 Defender incidents' bi-directional sync
2023-02-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Data Connectors
- New data connector kind added, MicrosoftPurviewInformationProtection. Microsoft Purview Information Protection data connector
- Added filteredProviders property to Microsoft Threat Protection data connector.
- Alert Rules (also known as analytics rules)
- New endpoints added
- triggeredAnalyticsRuleRuns – Get/GetAll
- alertRules/{ruleId}/triggerRuleRun
- New endpoints added
2022-12-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Incidents
- Add incident tasks as a nested resource for incidents
2022-11-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Recommendations
- Recommendations API version added
2022-10-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
- Support alert per event grouping setting for NRT alert rules
2022-09-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
- Support alert per event grouping setting for NRT alert rules
2022-08-01
Generally available features in this release include:
- Alert Rules (also known as analytics rules)
- MITRE support
2022-08-01-preview
This version includes all the previously released Preview features, plus the following additions:
- File imports
- New operation group. Allows bulk addition of indicators to Threat Intelligence. Learn more
2021-10-01
This version includes all the previously released generally available (GA) features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Alert grouping alignment
- Entity mapping
- Custom details
- Alert details
- Automation Rules
- Onboarding States
2021-10-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
- MITRE tactics and techniques have been updated in analytics rules models.
- Automation Rules
- New endpoint added for running playbooks on-demand on incidents.
- Bookmarks
- MITRE techniques have been added.
- Extended entity mapping support has been added.
- Data connectors
- Office connectors have been added.
- Incidents
- Techniques have been added to the incident schema.
- Provider incident URL has been added to incident schema.
2021-09-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Template version
- NRT
- Add Office IRM connector support
- Data connectors
2021-04-01
Generally available features in this release include:
- Incidents
- Threat Intelligence
- Watchlists
- Incidents
2020-01-01
Generally available features in this release include:
- Alert rules
- Alert rules templates
- Bookmarks
- Data connectors
- Incidents