incidents_alerts
Creates, updates, deletes, gets or lists an incidents_alerts resource.
Overview
| Name | incidents_alerts |
| Type | Resource |
| Id | azure.sentinel.incidents_alerts |
Fields
The following fields are returned by SELECT queries:
- list
| Name | Datatype | Description |
|---|---|---|
kind | string | The kind of the entity. |
properties | object | SecurityAlert entity properties |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | subscriptionId, resourceGroupName, workspaceName, incidentId | Gets all alerts for an incident. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
incidentId | string | Incident ID |
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
SELECT examples
- list
Gets all alerts for an incident.
SELECT
kind,
properties
FROM azure.sentinel.incidents_alerts
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND incidentId = '{{ incidentId }}' -- required
;