incident_comments
Creates, updates, deletes, gets or lists an incident_comments resource.
Overview
Name | incident_comments |
Type | Resource |
Id | azure.sentinel.incident_comments |
Fields
The following fields are returned by SELECT queries. The get and list methods return the same fields:
OK, Operation successfully completed
Name | Datatype | Description |
---|---|---|
etag | string | Etag of the azure resource |
properties | object | Incident comment properties |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | subscriptionId, resourceGroupName, workspaceName, incidentId, incidentCommentId | | Gets a comment for a given incident. |
list | select | subscriptionId, resourceGroupName, workspaceName, incidentId | $filter, $orderby, $top, $skipToken | Gets all comments for a given incident. |
create_or_update | insert | subscriptionId, resourceGroupName, workspaceName, incidentId, incidentCommentId | | Creates or updates a comment for a given incident. |
delete | delete | subscriptionId, resourceGroupName, workspaceName, incidentId, incidentCommentId | | Deletes a comment for a given incident. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
incidentCommentId | string | Incident comment ID |
incidentId | string | Incident ID |
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
$filter | string | Filters the results, based on a Boolean condition. Optional. |
$orderby | string | Sorts the results. Optional. |
$skipToken | string | Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. |
$top | integer (int32) | Returns only the first n results. Optional. |
SELECT examples
- get
- list
Gets a comment for a given incident.
```sql
SELECT
  etag,
  properties
FROM azure.sentinel.incident_comments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
  AND resourceGroupName = '{{ resourceGroupName }}' -- required
  AND workspaceName = '{{ workspaceName }}' -- required
  AND incidentId = '{{ incidentId }}' -- required
  AND incidentCommentId = '{{ incidentCommentId }}' -- required
;
```
Gets all comments for a given incident.
```sql
SELECT
  etag,
  properties
FROM azure.sentinel.incident_comments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
  AND resourceGroupName = '{{ resourceGroupName }}' -- required
  AND workspaceName = '{{ workspaceName }}' -- required
  AND incidentId = '{{ incidentId }}' -- required
  AND $filter = '{{ $filter }}'
  AND $orderby = '{{ $orderby }}'
  AND $top = '{{ $top }}'
  AND $skipToken = '{{ $skipToken }}'
;
```
INSERT examples
- create_or_update
- Manifest
Creates or updates a comment for a given incident.
```sql
INSERT INTO azure.sentinel.incident_comments (
  data__etag,
  data__properties,
  subscriptionId,
  resourceGroupName,
  workspaceName,
  incidentId,
  incidentCommentId
)
SELECT
  '{{ etag }}',
  '{{ properties }}',
  '{{ subscriptionId }}',
  '{{ resourceGroupName }}',
  '{{ workspaceName }}',
  '{{ incidentId }}',
  '{{ incidentCommentId }}'
RETURNING
  etag,
  properties
;
```
```yaml
# Description fields are for documentation purposes
- name: incident_comments
  props:
    - name: subscriptionId
      value: string
      description: Required parameter for the incident_comments resource.
    - name: resourceGroupName
      value: string
      description: Required parameter for the incident_comments resource.
    - name: workspaceName
      value: string
      description: Required parameter for the incident_comments resource.
    - name: incidentId
      value: string
      description: Required parameter for the incident_comments resource.
    - name: incidentCommentId
      value: string
      description: Required parameter for the incident_comments resource.
    - name: etag
      value: string
      description: |
        Etag of the azure resource
    - name: properties
      value: object
      description: |
        Incident comment properties
```
DELETE examples
- delete
Deletes a comment for a given incident.
```sql
DELETE FROM azure.sentinel.incident_comments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
  AND resourceGroupName = '{{ resourceGroupName }}' -- required
  AND workspaceName = '{{ workspaceName }}' -- required
  AND incidentId = '{{ incidentId }}' -- required
  AND incidentCommentId = '{{ incidentCommentId }}' -- required
;
```