Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
The Microsoft Sentinel REST APIs let you create and manage data connectors, analytics rules, automation rules, incidents, bookmarks, watchlists, and threat intelligence indicators, and retrieve entity information. These are Azure Resource Manager calls against the Microsoft.SecurityInsights resource provider, scoped to a Log Analytics workspace: the caller needs a Microsoft Entra token for https://management.azure.com and an Azure RBAC role on that workspace (Microsoft Sentinel Reader is enough for read-only operations; grant Contributor or Responder only where the automation actually writes).
REST Operation Groups
| Operation Group | Description |
|---|---|
| Actions | List, create, update, and delete the actions attached to an alert rule |
| Alert Rule Templates | List the alert rule templates available in your Microsoft Sentinel workspace |
| Alert Rules | Configure alert rules and their actions for your Microsoft Sentinel workspace |
| Automation Rules | Configure automation rules for your Microsoft Sentinel workspace |
| Bookmarks | Preserve, tag, map entities in, and annotate Log Analytics query results; create a bookmark or add one to an incident |
| Data Connectors | List, enable, or disable data connectors for your Microsoft Sentinel workspace |
| Incident Comments | Read and create incident comments in your Microsoft Sentinel workspace |
| Incident Relations | Read and create incident relations in your Microsoft Sentinel workspace |
| Incidents | Read, create, update, and delete incidents in your Microsoft Sentinel workspace |
| Operations | List all REST operations available from the Microsoft.SecurityInsights resource provider |
| Sentinel Onboarding States | Create, delete, get, and list onboarding states |
| Threat Intelligence Indicator | Create, append tags to, delete, get, and query indicators |
| Threat Intelligence Indicator Metrics | List threat intelligence indicator metrics |
| Threat Intelligence Indicators | List all indicators |
| Watchlist Items | Read and create watchlist items |
| Watchlists | Read and create watchlists |
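The following is an added example, not code from this page or from Microsoft, showing what a call to the Incidents operation group looks like in practice: build the workspace-scoped Azure Resource Manager URL, walk every page of the list response through `nextLink`, and keep only open High-severity incidents. The resource path, the `api-version` value `2024-03-01`, the environment variable names, and the sample incident pages are assumptions of this example; the `properties.severity`, `properties.status`, and `properties.incidentNumber` fields match the incident resource shape.

```python
"""Added example (not Microsoft's own code or SDK): call the Incidents - List
operation of the Microsoft Sentinel REST API, walk every page of the Azure
Resource Manager (ARM) response, and keep only open High-severity incidents.

Assumptions not stated on the page: the ARM resource path below, the
api-version value, the environment variable names, and the constructed sample
pages used for the offline run.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterator, List, Tuple

ARM = "https://management.azure.com"
API_VERSION = "2024-03-01"  # assumed stable Microsoft.SecurityInsights version


def incidents_url(subscription_id: str, resource_group: str, workspace: str,
                  top: int = 50) -> str:
    """Build the list URL for a Log Analytics workspace with Sentinel enabled.
    Every identifier is percent-encoded (including '/') so an untrusted
    resource group or workspace name cannot splice extra path segments in."""
    q = urllib.parse.quote
    path = (f"/subscriptions/{q(subscription_id, safe='')}"
            f"/resourceGroups/{q(resource_group, safe='')}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{q(workspace, safe='')}"
            f"/providers/Microsoft.SecurityInsights/incidents")
    query = urllib.parse.urlencode({"api-version": API_VERSION, "$top": top})
    return f"{ARM}{path}?{query}"


def iter_pages(get_json: Callable[[str], Dict], url: str) -> Iterator[Dict]:
    """Yield every incident across a paged ARM list response.

    ARM returns one page of `value` items plus a `nextLink` while more remain;
    a triage script that reads only the first page silently drops incidents."""
    seen = set()
    while url:
        if url in seen:               # defensive: never spin on a repeated link
            raise RuntimeError("nextLink loop detected")
        seen.add(url)
        body = get_json(url)
        yield from body.get("value", [])
        url = body.get("nextLink")


def open_high_severity(incidents: Iterator[Dict]) -> List[Tuple[int, str]]:
    """Return (incidentNumber, title) for incidents that are High severity and
    not Closed, ordered by incident number."""
    hits = []
    for inc in incidents:
        p = inc.get("properties", {})
        if p.get("severity") == "High" and p.get("status") != "Closed":
            hits.append((p["incidentNumber"], p.get("title", "")))
    return sorted(hits)


def arm_get_json(token: str) -> Callable[[str], Dict]:
    """Return a GET function that presents a bearer token issued for the
    https://management.azure.com/.default scope."""
    def _get(url: str) -> Dict:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return _get


# Constructed sample (not real data): two pages shaped like the live response,
# so the paging logic can be exercised offline. Keys stand in for ARM URLs.
SAMPLE_PAGES = {
    "page1": {
        "value": [
            {"properties": {"incidentNumber": 101, "title": "Impossible travel",
                            "severity": "High", "status": "New"}},
            {"properties": {"incidentNumber": 102, "title": "Mass download",
                            "severity": "Medium", "status": "Active"}},
        ],
        "nextLink": "page2",
    },
    "page2": {
        "value": [
            {"properties": {"incidentNumber": 103, "title": "Malware on host",
                            "severity": "High", "status": "Closed"}},
            {"properties": {"incidentNumber": 104, "title": "Suspicious PowerShell",
                            "severity": "High", "status": "Active"}},
        ]
    },
}


def sample_get_json(url: str) -> Dict:
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    import os
    # Offline run against the constructed pages.
    print(open_high_severity(iter_pages(sample_get_json, "page1")))
    # Live run: assumes the azure-identity package is installed and the signed-in
    # identity holds the Microsoft Sentinel Reader role on the workspace.
    if all(k in os.environ for k in ("AZ_SUBSCRIPTION", "AZ_RESOURCE_GROUP", "AZ_WORKSPACE")):
        from azure.identity import DefaultAzureCredential
        token = DefaultAzureCredential().get_token(f"{ARM}/.default").token
        url = incidents_url(os.environ["AZ_SUBSCRIPTION"], os.environ["AZ_RESOURCE_GROUP"],
                            os.environ["AZ_WORKSPACE"])
        for number, title in open_high_severity(iter_pages(arm_get_json(token), url)):
            print(number, title)
```

Two points carry over to any other operation group in the table: the token is requested for the management endpoint scope rather than for Sentinel itself, because every group is an ARM resource under the workspace, and list operations (incidents, alert rules, watchlist items, indicators) all page the same way, so the `nextLink` loop is reusable as-is. For a read-only integration keep the identity on the Reader role; switching to Contributor just to list incidents turns a leaked token into write access over rules and automation.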