Cannot get Content Hub source type hunting queries via API

Oleksandr Shchevkun 5 Reputation points
2024-09-12T11:00:07.7866667+00:00

I'm trying to get all hunting queries via the Microsoft Sentinel Log Analytics endpoint Saved Searches - List By Workspace (here's the link to its description in Microsoft documentation: https://learn.microsoft.com/en-us/rest/api/loganalytics/saved-searches/list-by-workspace?view=rest-loganalytics-2023-09-01&tabs=HTTP). The documentation does not mention any restrictions depending on the content type, but the actual response the endpoint returns does not include any Content Hub queries while it contains all relevant Custom queries. How do I get Content Hub queries as well?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. Clive Watson 6,356 Reputation points MVP
    2024-09-12T12:58:16.0666667+00:00

    Hello, you can use the Content Hub APIs

    https://learn.microsoft.com/en-us/rest/api/securityinsights/content-templates/list?view=rest-securityinsights-2024-03-01&tabs=HTTP

    You can filter on the properties on: HuntingQuery

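The request the answer points to, as an added example (not part of the original thread and not Microsoft's code): it builds the Content Templates - List URL filtered to `HuntingQuery` and follows `nextLink` paging. The function names, the caller-supplied `fetch_json` callable (an authenticated GET against Azure Resource Manager) and the sample pages are assumptions constructed for illustration.

```python
from urllib.parse import quote, urlencode

ARM = "https://management.azure.com"
API_VERSION = "2024-03-01"  # version in the documentation link from the answer

def content_templates_url(subscription_id, resource_group, workspace, kind="HuntingQuery"):
    """Build the Content Templates - List URL with a server-side content-kind filter."""
    path = (f"/subscriptions/{quote(subscription_id)}/resourceGroups/{quote(resource_group)}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{quote(workspace)}"
            "/providers/Microsoft.SecurityInsights/contentTemplates")
    # Assumption: OData form of the filter; the answer only says to filter on HuntingQuery.
    params = {"api-version": API_VERSION, "$filter": f"properties/contentKind eq '{kind}'"}
    return f"{ARM}{path}?{urlencode(params, quote_via=quote, safe='$')}"

def list_templates(first_url, fetch_json, kind="HuntingQuery"):
    """Collect templates of one kind across all pages.

    fetch_json(url) -> dict is supplied by the caller (hypothetical helper).
    contentKind is re-checked client-side in case the server ignores the filter.
    """
    url, seen, found = first_url, set(), []
    while url and url not in seen:          # guard against a nextLink loop
        seen.add(url)
        page = fetch_json(url)
        for item in page.get("value", []):
            props = item.get("properties", {})
            if props.get("contentKind") == kind:
                found.append({"displayName": props.get("displayName"),
                              "contentId": props.get("contentId"),
                              "version": props.get("version")})
        url = page.get("nextLink")
    return found

# Constructed sample pages standing in for API responses (not real output).
SAMPLE_PAGES = {
    "page1": {"value": [
        {"properties": {"contentKind": "HuntingQuery", "displayName": "Example hunt A",
                        "contentId": "example-id-1", "version": "1.0.0"}},
        {"properties": {"contentKind": "AnalyticsRule", "displayName": "Example rule",
                        "contentId": "example-id-2", "version": "1.0.0"}}],
        "nextLink": "page2"},
    "page2": {"value": [
        {"properties": {"contentKind": "HuntingQuery", "displayName": "Example hunt B",
                        "contentId": "example-id-3", "version": "2.1.0"}}]},
}

if __name__ == "__main__":
    print(content_templates_url("<subscription-id>", "<resource-group>", "<workspace>"))
    print(list_templates("page1", SAMPLE_PAGES.__getitem__))
```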

