Microsoft Sentinel get playbooks by trigger kind

Yair Rascovsky 21 Reputation points
2022-02-24T10:07:35.467+00:00

Hi,
I'm trying to pull all my playbooks using the workflows API - https://learn.microsoft.com/en-us/rest/api/logic/workflows/list-by-resource-group
How can I know which workflow is using the trigger kind "Microsoft Sentinel Alert" and can be used with Alert rules (Kind: Scheduled)?
Maybe there's a better API to use for this task?

Thank you

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,118 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,135 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andrew Blumhardt 9,861 Reputation points Microsoft Employee
    2022-02-27T21:48:23.22+00:00

    Here is a template example and a real-world sample. You see the trigger-name is what you need I think.

    178219-image.png

    178218-image.png

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,861 Reputation points Microsoft Employee
    2022-02-24T17:44:36.09+00:00

    I'm not super smart on APIs but the sample output in the docs has Triggers. Are you not seeing the triggers in the output?

    177559-image.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.