entities
Creates, updates, deletes, gets or lists an entities resource.
Overview
| Name | entities |
| Type | Resource |
| Id | azure.sentinel.entities |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
run_playbook | exec | subscriptionId, resourceGroupName, workspaceName, entityIdentifier, logicAppsResourceId | Triggers playbook on a specific entity. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
entityIdentifier | string | Entity ID |
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
Lifecycle Methods
- run_playbook
Triggers playbook on a specific entity.
EXEC azure.sentinel.entities.run_playbook
@subscriptionId='{{ subscriptionId }}' --required,
@resourceGroupName='{{ resourceGroupName }}' --required,
@workspaceName='{{ workspaceName }}' --required,
@entityIdentifier='{{ entityIdentifier }}' --required
@@json=
'{
"incidentArmId": "{{ incidentArmId }}",
"tenantId": "{{ tenantId }}",
"logicAppsResourceId": "{{ logicAppsResourceId }}"
}'
;