incident_relations
Creates, updates, deletes, gets or lists an incident_relations resource.
Overview
| Name | incident_relations |
| Type | Resource |
| Id | azure.sentinel.incident_relations |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
properties | object | Relation properties |
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
properties | object | Relation properties |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | subscriptionId, resourceGroupName, workspaceName, incidentId, relationName | Gets a relation for a given incident. | |
list | select | subscriptionId, resourceGroupName, workspaceName, incidentId | $filter, $orderby, $top, $skipToken | Gets all relations for a given incident. |
create_or_update | insert | subscriptionId, resourceGroupName, workspaceName, incidentId, relationName | Creates or updates a relation for a given incident. | |
delete | delete | subscriptionId, resourceGroupName, workspaceName, incidentId, relationName | Deletes a relation for a given incident. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
incidentId | string | Incident ID |
relationName | string | Relation Name |
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
$filter | string | Filters the results, based on a Boolean condition. Optional. |
$orderby | string | Sorts the results. Optional. |
$skipToken | string | Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. |
$top | integer (int32) | Returns only the first n results. Optional. |
SELECT examples
- get
- list
Gets a relation for a given incident.
SELECT
etag,
properties
FROM azure.sentinel.incident_relations
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND incidentId = '{{ incidentId }}' -- required
AND relationName = '{{ relationName }}' -- required
;
Gets all relations for a given incident.
SELECT
etag,
properties
FROM azure.sentinel.incident_relations
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND incidentId = '{{ incidentId }}' -- required
AND $filter = '{{ $filter }}'
AND $orderby = '{{ $orderby }}'
AND $top = '{{ $top }}'
AND $skipToken = '{{ $skipToken }}'
;
INSERT examples
- create_or_update
- Manifest
Creates or updates a relation for a given incident.
INSERT INTO azure.sentinel.incident_relations (
data__etag,
data__properties,
subscriptionId,
resourceGroupName,
workspaceName,
incidentId,
relationName
)
SELECT
'{{ etag }}',
'{{ properties }}',
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}',
'{{ incidentId }}',
'{{ relationName }}'
RETURNING
etag,
properties
;
# Description fields are for documentation purposes
- name: incident_relations
props:
- name: subscriptionId
value: string
description: Required parameter for the incident_relations resource.
- name: resourceGroupName
value: string
description: Required parameter for the incident_relations resource.
- name: workspaceName
value: string
description: Required parameter for the incident_relations resource.
- name: incidentId
value: string
description: Required parameter for the incident_relations resource.
- name: relationName
value: string
description: Required parameter for the incident_relations resource.
- name: etag
value: string
description: |
Etag of the azure resource
- name: properties
value: object
description: |
Relation properties
DELETE examples
- delete
Deletes a relation for a given incident.
DELETE FROM azure.sentinel.incident_relations
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND workspaceName = '{{ workspaceName }}' --required
AND incidentId = '{{ incidentId }}' --required
AND relationName = '{{ relationName }}' --required
;