UpGuard Integration with Azure Sentinel

Nafila Afrin 111 Reputation points
2021-10-14T06:43:14.897+00:00

Hi,

  1. How can we integrate UpGuard (cyber vendor risk management and digital risk protection service platform) with Azure Sentinel? Is there any API available?
  2. Can we pull the logs from Exchange (mail) and send them to Sentinel?

Thanks in advance

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-10-14T10:43:54.037+00:00

    @Nafila Afrin Thanks for reaching out.

    1) Yes, we do have APIs for various tasks within Sentinel, such as:
    Azure Sentinel Management API
    Microsoft Graph Security API
    Log Analytics API
    HTTP Data Collector API

    Read more about the APIs and their uses here: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-api-101/ba-p/1438928
    You will most likely need to use the HTTP Data Collector API or the Log Analytics API if your end service uses REST calls.

    2) Yes, you can certainly pull the logs from Exchange servers. For that, you need to install a Log Analytics agent on the Exchange server and select the logs you want from that server.

    A detailed guide for this is available at: https://azurecloudai.blog/2021/03/03/how-to-use-azure-sentinel-to-protect-against-the-exchange-zero-day/

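An added example, not part of the original answer or any Microsoft or UpGuard code: how a REST-based service can build a signed request for the HTTP Data Collector API mentioned above, so that vendor-risk records land in a custom Sentinel table. The workspace ID, key, `UpGuardRisk` table name and record fields are constructed placeholders and do not reflect UpGuard's real API output.

```python
import base64, hashlib, hmac, json, re
from email.utils import formatdate

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"

def sign(workspace_id, shared_key_b64, date, content_length):
    """Return the SharedKey Authorization value for one POST to /api/logs."""
    string_to_sign = (f"POST\n{content_length}\napplication/json\n"
                      f"x-ms-date:{date}\n{RESOURCE}")
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(workspace_id, shared_key_b64, log_type, records, date=None):
    """Build (url, headers, body) for a Data Collector POST without sending it."""
    # Log-Type accepts only letters, digits and underscores, max 100 chars.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError("invalid Log-Type name")
    body = json.dumps(records).encode("utf-8")
    # RFC 1123 date; it is part of the signed string, so it must match the header.
    date = date or formatdate(usegmt=True)
    headers = {
        "Content-Type": "application/json",
        "Authorization": sign(workspace_id, shared_key_b64, date, len(body)),
        "Log-Type": log_type,                    # stored as <log_type>_CL
        "x-ms-date": date,
        "time-generated-field": "observed_at",  # ISO 8601 field in each record
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version={API_VERSION}")
    return url, headers, body

# Constructed sample values. Load the real workspace key from a secret store
# (for example a key vault), never from source code.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(b"constructed-not-a-real-key").decode()
SAMPLE_RECORDS = [{"vendor": "example-vendor.test", "score": 712,
                   "risk": "expired_certificate",
                   "observed_at": "2021-10-14T06:43:14Z"}]

if __name__ == "__main__":
    url, headers, body = build_request(
        SAMPLE_WORKSPACE_ID, SAMPLE_KEY, "UpGuardRisk", SAMPLE_RECORDS)
    print(url)
    print(json.dumps({k: v for k, v in headers.items()
                      if k != "Authorization"}, indent=2))
    # An HTTP client would now POST `body` to `url` with `headers`.
```

Microsoft has since deprecated the HTTP Data Collector API in favor of the Logs Ingestion API, so check which one applies to your workspace before building on this.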
