incidents_entities
Creates, updates, deletes, gets or lists an incidents_entities resource.
Overview
| Name | incidents_entities |
| Type | Resource |
| Id | azure.sentinel.incidents_entities |
Fields
The following fields are returned by SELECT queries:
- list
| Name | Datatype | Description |
|---|---|---|
| entities | array | Array of the incident related entities. |
| metaData | array | The metadata from the incident related entities results. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| list | select | subscriptionId, resourceGroupName, workspaceName, incidentId | | Gets all entities for an incident. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| incidentId | string | Incident ID |
| resourceGroupName | string | The name of the resource group. The name is case insensitive. |
| subscriptionId | string | The ID of the target subscription. |
| workspaceName | string | The name of the workspace. |
SELECT examples
- list
Gets all entities for an incident.
```sql
SELECT
  entities,
  metaData
FROM azure.sentinel.incidents_entities
WHERE subscriptionId = '{{ subscriptionId }}' -- required
  AND resourceGroupName = '{{ resourceGroupName }}' -- required
  AND workspaceName = '{{ workspaceName }}' -- required
  AND incidentId = '{{ incidentId }}' -- required
;
```